diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index 352f24e3f..098c10e2e 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -12,4 +12,4 @@ - [ ] Documentation has been updated with helm-docs (run: `.github/helm-docs.sh`) - [ ] `CHANGELOG.md` has been updated - [ ] Variables are documented in the `README.md` -- [ ] For Datadog Operator chart or value changes update the test baselines (run: `make update-test-baselines`) +- [ ] For `datadog` or `datadog-operator` chart or value changes, update the test baselines (run: `make update-test-baselines`) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 1276ef2ed..f7e423043 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -17,18 +17,18 @@ jobs: charts: ${{ steps.list-changed.outputs.changed }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3.5 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5.0 with: version: v3.6.3 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (list-changed) id: list-changed env: 
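Review bot: The `# v4.2.2`, `# v3.5.0`, `# v4.7.1` and `# v2.6.1` comments beside the new SHAs on the `uses:` lines are the only record of which release each commit is, and nothing visible in this change verifies that mapping or keeps it current. Pinning to a full commit SHA removes the mutable-tag risk, but the pins will quietly age past upstream security fixes unless something bumps them. If the repository does not already have one, I would add a Dependabot entry with `package-ecosystem: "github-actions"` (or the Renovate equivalent) in the same PR so SHA and comment are updated together. Each SHA should also be confirmed against its upstream tag before merging. The same applies to the other ci.yaml hunks and to the pr-labeler.yaml and release.yaml pins.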
@@ -52,14 +52,14 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (lint) run: ct lint --config .github/ct.yaml @@ -69,7 +69,7 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Run helm-docs @@ -100,7 +100,7 @@ jobs: - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Add datadog helm repo @@ -145,20 +145,20 @@ jobs: kind: v0.22.0 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Create kind ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: version: ${{ matrix.versions.kind }} node_image: kindest/node:${{ matrix.versions.k8s}} config: .github/kind_config.yaml - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (install) run: ct install --config .github/ct.yaml 
diff --git a/.github/workflows/go-test-datadog.yaml b/.github/workflows/go-test-datadog.yaml new file mode 100644 index 000000000..990417e72 --- /dev/null +++ b/.github/workflows/go-test-datadog.yaml @@ -0,0 +1,42 @@ +name: Go Test Datadog +on: + push: + paths: + - 'test/datadog/**' + - 'charts/datadog/**' + pull_request: + paths: + - 'test/datadog/**' + - 'charts/datadog/**' + +# Permission forced by repo-level setting; only elevate on job-level +permissions: + contents: read + # packages: read + +env: + GO111MODULE: "on" + PROJECTNAME: "helm-charts" +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Set up Go + uses: actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3 + with: + go-version: 1.21 + id: go + - name: Set up Helm + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 + with: + version: v3.14.0 + - name: Add Datadog Helm repo + run: helm repo add datadog https://helm.datadoghq.com && helm repo update + - name: Add Prometheus Community Helm repo + run: helm repo add prometheus-community https://prometheus-community.github.io/helm-charts && helm repo update + - name: Check out code into the Go module directory + uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0 + - name: run Go tests + run: | + helm dependency build ./charts/datadog + make unit-test-datadog diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test-operator.yaml similarity index 87% rename from .github/workflows/go-test.yaml rename to .github/workflows/go-test-operator.yaml index 739a20b1b..20192dd45 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test-operator.yaml 
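Review bot: This new workflow pins `actions/checkout` at `# v1.2.0` and `actions/setup-go` at `# v1.1.3`, so a file created in this commit starts on long-superseded major versions, while ci.yaml in the same commit uses checkout v4.2.2. A SHA pin stops tag retargeting, but it also freezes whatever is in that old code, and as far as I know those v1 lines no longer receive fixes. For the checkout step I would reuse the pin already introduced elsewhere in this change, `uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`. `setup-go` should move to a current major pinned the same way (`actions/setup-go@<full-commit-sha> # <current release>`). The same v1 pins are carried in the go-test-operator.yaml and go-test-private-action-runner.yaml hunks.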
@@ -22,18 +22,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Set up Go - uses: actions/setup-go@v1 + uses: actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3 with: go-version: 1.21 id: go - name: Set up Helm - uses: azure/setup-helm@v4.2.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: v3.14.0 - name: Add Datadog Helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Check out code into the Go module directory - uses: actions/checkout@v1 + uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0 - name: run Go tests run: | helm dependency build ./charts/datadog-operator @@ -70,11 +70,11 @@ jobs: kind: v0.22.0 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Create K8s ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: version: ${{ matrix.versions.kind }} node_image: kindest/node:${{ matrix.versions.k8s }} diff --git a/.github/workflows/go-test-private-action-runner.yaml b/.github/workflows/go-test-private-action-runner.yaml index dc26fd575..06b1639af 100644 --- a/.github/workflows/go-test-private-action-runner.yaml +++ b/.github/workflows/go-test-private-action-runner.yaml 
@@ -22,18 +22,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Set up Go - uses: actions/setup-go@v1 + uses: actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3 with: go-version: 1.21 id: go - name: Set up Helm - uses: azure/setup-helm@v3.5 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5.0 with: version: v3.10.1 - name: Add Datadog Helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Check out code into the Go module directory - uses: actions/checkout@v1 + uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0 - name: run Go tests run: | helm dependency build ./charts/private-action-runner diff --git a/.github/workflows/no-ci.yaml b/.github/workflows/no-ci.yaml index f7224dd5d..79b8089bf 100644 --- a/.github/workflows/no-ci.yaml +++ b/.github/workflows/no-ci.yaml @@ -1,9 +1,8 @@ -name: No lint and test needed +name: No chart lint and test needed on: pull_request: paths-ignore: - 'charts/**' - - 'test/**' jobs: pr-validated: name: pr-validated diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml index ff711a73d..c8a50951a 100644 --- a/.github/workflows/pr-labeler.yaml +++ b/.github/workflows/pr-labeler.yaml @@ -17,7 +17,7 @@ jobs: pull-requests: write timeout-minutes: 5 steps: - - uses: actions/labeler@v5 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" configuration-path: .github/workflows/labeler/labels.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e33b3d11f..e9ba1d964 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -17,7 +17,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Configure Git 
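Review bot: Dropping `- 'test/**'` from `paths-ignore` in no-ci.yaml means this workflow and its `pr-validated` job now run for any pull request that touches `test/**`, including ones that also change charts. If `pr-validated` is a required status check (the job body and branch protection are not visible here), a PR could get a green check without any Go test running. That would happen for a change to a directory under `test/` that no `go-test-*` workflow lists in its `paths:` filter. Please confirm that every package under `test/` is covered by one of the path-filtered Go test workflows. I would also document the coupling with a comment above `paths-ignore`, for example `# test/** is validated by the go-test-* workflows, not by chart lint`.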
@@ -29,7 +29,7 @@ jobs: helm repo add datadog https://helm.datadoghq.com helm repo add kube-state-metrics https://prometheus-community.github.io/helm-charts - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 env: CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' CR_SKIP_EXISTING: true # Ignore chart changes when version was not updated (documentation) diff --git a/Makefile b/Makefile index 493319bbe..7699b0cb1 100644 --- a/Makefile +++ b/Makefile @@ -48,6 +48,10 @@ vet: unit-test: go test -C test ./... -count=1 +.PHONY: unit-test-datadog +unit-test-datadog: + go test -C test ./datadog -count=1 + .PHONY: unit-test-operator unit-test-operator: go test -C test ./datadog-operator -count=1 diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index b55387c05..6e8e7a860 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +# 2.4.1 + +* Add DatadogGenericResources CRD. + +# 2.4.0 + +* Update CRDs from Datadog Operator v1.12.0 tag. + # 2.3.0 * Update CRDs from Datadog Operator v1.11.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index 3402f3d30..415d50bdd 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 2.3.0 +version: 2.4.1 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 3da17dcde..b109ff020 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md 
@@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.4.1](https://img.shields.io/badge/Version-2.4.1-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. @@ -25,6 +25,7 @@ But the recommended Kubernetes versions are `1.16+`. | crds.datadogAgentProfiles | bool | `false` | Set to true to deploy the DatadogAgentProfiles CRD | | crds.datadogAgents | bool | `false` | Set to true to deploy the DatadogAgents CRD | | crds.datadogDashboards | bool | `false` | Set to true to deploy the DatadogDashboards CRD | +| crds.datadogGenericResources | bool | `false` | Set to true to deploy the DatadogGenericResources CRD | | crds.datadogMetrics | bool | `false` | Set to true to deploy the DatadogMetrics CRD | | crds.datadogMonitors | bool | `false` | Set to true to deploy the DatadogMonitors CRD | | crds.datadogPodAutoscalers | bool | `false` | Set to true to deploy the DatadogPodAutoscalers CRD | diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml index e16b1bdcf..465d9b42f 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml 
@@ -260,6 +260,12 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + runtimeClassName: + description: |- + If specified, indicates the pod's RuntimeClass kubelet should use to run the pod. + If the named RuntimeClass does not exist, or the CRI cannot run the corresponding handler, the pod enters the Failed terminal phase. + If no runtimeClassName is specified, the default RuntimeHandler is used, which is equivalent to the behavior when the RuntimeClass feature is disabled. + type: string updateStrategy: description: |- The deployment strategy to use to replace existing pods with new ones. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index af1e555c1..8036de9ab 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -261,6 +261,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -708,6 +713,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: @@ -2444,6 +2512,8 @@ spec: replicas: format: int32 type: integer + runtimeClassName: + type: string securityContext: properties: appArmorProfile: @@ -3741,6 +3811,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -4188,6 +4263,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadoggenericresources_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadoggenericresources_v1.yaml new file mode 100644 index 000000000..e02cb7a43 --- /dev/null +++ b/charts/datadog-crds/templates/datadoghq.com_datadoggenericresources_v1.yaml 
@@ -0,0 +1,164 @@ +{{- if and .Values.crds.datadogGenericResources (semverCompare ">1.21-0" .Capabilities.KubeVersion.GitVersion ) }} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: datadoggenericresources.datadoghq.com + labels: + helm.sh/chart: '{{ include "datadog-crds.chart" . }}' + app.kubernetes.io/managed-by: '{{ .Release.Service }}' + app.kubernetes.io/name: '{{ include "datadog-crds.name" . }}' + app.kubernetes.io/instance: '{{ .Release.Name }}' +spec: + group: datadoghq.com + names: + kind: DatadogGenericResource + listKind: DatadogGenericResourceList + plural: datadoggenericresources + shortNames: + - ddgr + singular: datadoggenericresource + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogGenericResource is the Schema for the DatadogGenericResources API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogGenericResourceSpec defines the desired state of DatadogGenericResource + properties: + jsonSpec: + description: JsonSpec is the specification of the API object + type: string + type: + description: Type is the type of the API object + enum: + - notebook + - synthetics_api_test + - synthetics_browser_test + type: string + required: + - jsonSpec + - type + type: object + status: + description: DatadogGenericResourceStatus defines the observed state of DatadogGenericResource + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogGenericResource. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the object was created. + format: date-time + type: string + creator: + description: Creator is the identity of the creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogGenericResourceSpec to know + if the JsonSpec has changed and needs an update. + type: string + id: + description: Id is the object unique identifier generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API object was last force synced with the custom resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the object state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml index 7ef853b56..355798a05 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml 
+++ b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml @@ -231,6 +231,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. @@ -297,6 +305,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. diff --git a/charts/datadog-crds/update-crds.sh b/charts/datadog-crds/update-crds.sh index 457b77afd..12b858d3f 100755 --- a/charts/datadog-crds/update-crds.sh +++ b/charts/datadog-crds/update-crds.sh @@ -60,3 +60,4 @@ download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogslos datado download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogagentprofiles datadogAgentProfiles v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogpodautoscalers datadogPodAutoscalers v1 download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadogdashboards datadogDashboards v1 +download_crd "$DATADOG_OPERATOR_REPO" "$DATADOG_OPERATOR_TAG" datadoggenericresources datadogGenericResources v1 diff --git a/charts/datadog-crds/values.yaml b/charts/datadog-crds/values.yaml index 2b89e21f0..b532e25f1 100644 --- a/charts/datadog-crds/values.yaml +++ b/charts/datadog-crds/values.yaml 
@@ -17,6 +17,8 @@ crds: datadogPodAutoscalers: false # crds.datadogDashboards -- Set to true to deploy the DatadogDashboards CRD datadogDashboards: false + # crds.datadogGenericResources -- Set to true to deploy the DatadogGenericResources CRD + datadogGenericResources: false # nameOverride -- Override name of app nameOverride: "" diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index a7ed55f0a..75ed1131a 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,14 @@ # Changelog +## 2.7.0 + +* Update Datadog Operator version to 1.12.1. + +## 2.6.0 + +* Update Datadog Operator version to 1.12.0. +* Add DatadogGenericResource configuration. + ## 2.5.1 * Expose CRD-specific namespace watch configuration added in Operator 1.8.0 release. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index e5aa3049e..5aad792c5 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 2.3.0 -digest: sha256:67db7e15aa50bde3e2e62273b71402d2e4302c71f13201c3646ee5865e236106 -generated: "2024-12-18T14:19:32.327237+01:00" + version: 2.4.1 +digest: sha256:aad0385741a8458b9061a7117318d93f834e3314e5f794411b4001a534a9d6ee +generated: "2025-02-07T14:26:48.62608-05:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 23065c712..64cb814c7 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 2.5.1 -appVersion: 1.11.1 +version: 2.7.0 +appVersion: 1.12.1 description: Datadog Operator keywords: - monitoring 
@@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=2.3.0" + version: "=2.4.1" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 2e67681f0..cd369d95b 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.5.1](https://img.shields.io/badge/Version-2.5.1-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square) +![Version: 2.7.0](https://img.shields.io/badge/Version-2.7.0-informational?style=flat-square) ![AppVersion: 1.12.1](https://img.shields.io/badge/AppVersion-1.12.1-informational?style=flat-square) ## Values 
@@ -19,11 +19,13 @@ | datadogAgentProfile.enabled | bool | `false` | If true, enables DatadogAgentProfile controller (beta). Requires v1.5.0+ | | datadogCRDs.crds.datadogAgents | bool | `true` | Set to true to deploy the DatadogAgents CRD | | datadogCRDs.crds.datadogDashboards | bool | `false` | Set to true to deploy the DatadogDashboard CRD | +| datadogCRDs.crds.datadogGenericResources | bool | `false` | Set to true to deploy the DatadogGenericResource CRD | | datadogCRDs.crds.datadogMetrics | bool | `true` | Set to true to deploy the DatadogMetrics CRD | | datadogCRDs.crds.datadogMonitors | bool | `true` | Set to true to deploy the DatadogMonitors CRD | | datadogCRDs.crds.datadogPodAutoscalers | bool | `true` | Set to true to deploy the DatadogPodAutoscalers CRD | | datadogCRDs.crds.datadogSLOs | bool | `false` | Set to true to deploy the DatadogSLO CRD | | datadogDashboard.enabled | bool | `false` | Enables the Datadog Dashboard controller | +| datadogGenericResource.enabled | bool | `false` | Enables the Datadog Generic Resource controller | | datadogMonitor.enabled | bool | `false` | Enables the Datadog Monitor controller | | datadogSLO.enabled | bool | `false` | Enables the Datadog SLO controller | | dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | 
@@ -33,7 +35,7 @@ | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.11.1"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.12.1"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index 50dc92353..f17953f81 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -85,6 +85,6 @@ Check operator image tag version. {{- if not .Values.image.doNotCheckTag -}} {{- .Values.image.tag -}} {{- else -}} -{{ "1.11.1" }} +{{ "1.12.1" }} {{- end -}} {{- end -}} diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 79c245eb6..dc69c7b8d 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -226,6 +226,8 @@ rules: resources: - datadogagents - datadogagents/finalizers + - datadoggenericresources + - datadoggenericresources/finalizers - datadogmonitors - datadogmonitors/finalizers - datadogslos @@ -243,6 +245,7 @@ rules: - datadoghq.com resources: - datadogagents/status + - datadoggenericresources/status - datadogmonitors/status - datadogslos/status verbs: 
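Review bot: In clusterrole.yaml, `datadoggenericresources`, `datadoggenericresources/finalizers` and `datadoggenericresources/status` are added to the operator ClusterRole unconditionally, although `datadogGenericResource.enabled` defaults to `false` in values.yaml. Installs that never enable the controller therefore still grant the operator cluster-wide access to a resource type whose `jsonSpec` field describes objects managed in Datadog. The template already gates other rules on `.Values.datadogAgentProfile.enabled`, so I would move the three new resources into their own rule wrapped in `{{- if .Values.datadogGenericResource.enabled }}` … `{{- end }}`. The verb lists of both rules lie outside these hunks, so the verbs for the new rule need checking against the full file.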
@@ -347,6 +350,13 @@ rules: verbs: - list - watch +- apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics + - "metrics.eks.amazonaws.com" + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get {{- if .Values.datadogAgentProfile.enabled }} - apiGroups: - "" diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index 6532eb07c..8a616fa7b 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -148,6 +148,9 @@ spec: {{- if (semverCompare ">=1.9.0-0" $version) }} - "-datadogDashboardEnabled={{ .Values.datadogDashboard.enabled }}" {{- end }} + {{- if (semverCompare ">=1.12.0" $version) }} + - "-datadogGenericResourceEnabled={{ .Values.datadogGenericResource.enabled }}" + {{- end }} {{- if (semverCompare ">=1.7.0" $version) }} - "-remoteConfigEnabled={{ .Values.remoteConfiguration.enabled }}" {{- end }} diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index d2c1be14e..74f1dddec 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -47,7 +47,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.11.1 + tag: 1.12.1 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. @@ -87,6 +87,9 @@ datadogAgent: datadogDashboard: # datadogDashboard.enabled -- Enables the Datadog Dashboard controller enabled: false +datadogGenericResource: + # datadogGenericResource.enabled -- Enables the Datadog Generic Resource controller + enabled: false datadogMonitor: # datadogMonitor.enabled -- Enables the Datadog Monitor controller enabled: false 
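Review bot: The new guard in deployment.yaml, `semverCompare ">=1.12.0" $version`, has no `-0` suffix, unlike the `">=1.9.0-0"` guard on the dashboard flag just above it. Helm's semver constraints skip pre-release versions unless the constraint itself carries a pre-release part. An operator image tagged as a release candidate of 1.12 or later would therefore not receive `-datadogGenericResourceEnabled`, and the value set in values.yaml would be silently ignored. I would write `{{- if (semverCompare ">=1.12.0-0" $version) }}`. The `">=1.7.0"` guard on the following context line has the same shape but is outside this change.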
@@ -147,6 +150,8 @@ datadogCRDs: datadogSLOs: false # datadogCRDs.crds.datadogDashboards -- Set to true to deploy the DatadogDashboard CRD datadogDashboards: false + # datadogCRDs.crds.datadogGenericResources -- Set to true to deploy the DatadogGenericResource CRD + datadogGenericResources: false # podAnnotations -- Allows setting additional annotations for Datadog Operator PODs podAnnotations: {} diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 675248aff..aeb4f54b2 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md 
@@ -1,9 +1,127 @@ # Datadog changelog -## 3.88.3 +## 3.106.1 * Add default container resource values for GKE Autopilot +## 3.106.0 + +* Target based workload selection for Single Step Instrumentation has been added in preview (requires Cluster Agent 7.64.0+) + +## 3.105.0 + +* Add `datadog.discovery.networkStats.enabled` configuration to control Service Discovery network stats collection. + +## 3.104.0 + +* Add `datadog.otelCollector.rbac.create` to control creation additional ClusterRole for `otel-agent` required by Kubernetes Attributes processor. +* Add `datadog.otelCollector.rbac.rules` to support additional RBAC permissions required by OTel components that are not included by default with `otel-agent`. + +## 3.103.1 + +* Update `fips.image.tag` to `1.1.8` fixing CVEs + +## 3.103.0 + +* Upgrade default Agent version to `7.63.3`. + +## 3.102.0 + +* Add a mount for the Kubernetes PodResources socket. + +## 3.101.1 + +* Add the `NVIDIA_VISIBLE_DEVICES` environment variable to the containers when GPU monitoring is enabled: if the NVIDIA k8s device plugin does not support volume mounts for requesting devices (controlled by the `accept-nvidia-visible-devices-as-volume-mount` setting) we need to request devices via the environment variable. + +## 3.101.0 + +* Add multiple Universal Service Monitoring configurations support. + * `datadog.serviceMonitoring.tls.go.enabled` to control Go TLS monitoring. + * `datadog.serviceMonitoring.tls.istio.enabled` to control Istio TLS monitoring. + * `datadog.serviceMonitoring.tls.nodejs.enabled` to control Node.js TLS monitoring. + * `datadog.serviceMonitoring.tls.native.enabled` to control native (openssl, libssl, gnutls) TLS monitoring. + * `datadog.serviceMonitoring.httpMonitoringEnabled` to control HTTP monitoring. + * `datadog.serviceMonitoring.http2MonitoringEnabled` to control HTTP/2 & gRPC monitoring. + +## 3.100.0 + +* Enable `system-probe` container on GKE Autopilot (requires GKE 1.32.1-gke.1729000 or later). 
+ +## 3.99.0 + +* Upgrade default Agent version to `7.63.2`. + +## 3.98.1 + +* Fixes bug that causes `DD_KUBERNETES_ANNOTATIONS_AS_TAGS` env var to be incorrectly set to the merged value of `.Values.datadog.kubernetesResourcesLabelsAsTags` and `.Values.datadog.kubernetesResourcesAnnotationsAsTags`. + +## 3.98.0 + +* Add AllowlistSynchronizer custom resource for new GKE Autopilot WorkloadAllowlists. Requires GKE version 1.32. + 1-gke.1729000 or later. + +## 3.97.0 + +* Update apm.instrumentation documentation from beta to preview. + +## 3.96.0 + +* Upgrade default Agent version to `7.63.0`. + +## 3.95.0 + +* Fix a bug where setting `datadog.containerImageCollection.enabled` to `false` does not disable image collection. + +## 3.94.0 + +* Support adding labels to the Agent service account via `agents.rbac.serviceAccountAdditionalLabels`. +* Support adding labels to the Cluster Agent service account via `clusterAgent.rbac.serviceAccountAdditionalLabels`. +* Support adding labels to the Cluster Checks Runner service account via `clusterChecksRunner.rbac.serviceAccountAdditionalLabels`. + +## 3.93.0 + +* Revert "Add a mount for the Kubernetes PodResources socket." + +## 3.92.0 + +* Add a mount for the Kubernetes PodResources socket. + +## 3.91.0 + +* Add support for GPU monitoring + +## 3.90.5 + +* Update `fips.image.tag` to `1.1.7` updating openSSL version to 3.0.16 + +## 3.90.4 + +* Fix RBAC rendering and map merge when `datadog.kubernetesResourcesAnnotationsAsTags` and/or `datadog.kubernetesResourcesLabelsAsTags` are used. + +## 3.90.3 + +* Defaults `registry` to `gcr.io/datadoghq` when setting `datadog.site: us3.datadoghq.com` and deploying on GKE Autopilot (`providers.gke.autopilot: true`). + +## 3.90.2 + +* Adds env vars `DD_AGENT_IPC_PORT` and `DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL` when Otel Agent is enabled and adds flag `--sync-delay=30s` to otel agent. 
+ +## 3.90.1 + +* Add rule to clusterrole to allow the node agent to query the EKS control plane metrics API + +## 3.90.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.62.0`. + +## 3.89.0 + +* Add `clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus` to disable `use_component_status` option for kubernetes_apiserver check. + +## 3.88.3 + +* Mount /var/lib/containers to generate SBOMs for CRI-O. + ## 3.88.2 * Disable running process check in core Agent by default feature for GKE Autopilot, as it is not supported. @@ -26,7 +144,7 @@ ## 3.87.0 -* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. +* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. ## 3.86.0 @@ -1501,7 +1619,7 @@ Get rid of the old GODEBUG=x509ignoreCN=0 hack that is not effective anymore in ## 2.30.3 * Add `datadog.logs.autoMultiLineDetection` parameter to setup automatic multi-line log detection - See + See [https://docs.datadoghq.com/agent/logs/advanced_log_collection/?tab=configurationfile#automatic-multi-line-aggregation](https://docs.datadoghq.com/agent/logs/advanced_log_collection/?tab=configurationfile#automatic-multi-line-aggregation) This new option requires an agent 7.32+. ## 2.30.2 
@@ -1999,7 +2117,7 @@ Change OpenShift SCC priorities from 10 to 8 to avoid conflicts with OpenShift A ## 2.11.6 * Improve support for environment autodiscovery by removing explicit setting of `DOCKER_HOST` by default with Agent 7.27+. -Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocketPath` or `datadog.criSocketPath`, except if your setup is using non-standard paths. + Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocketPath` or `datadog.criSocketPath`, except if your setup is using non-standard paths. ## 2.11.5 @@ -2356,7 +2474,7 @@ Starting Agent 7.27, the recommended setup is to never set `datadog.dockerSocket ## 2.4.23 * Add `datadog.envFrom` parameter to support passing references to secrets and/or configmaps for environment -variables, instead of passing one by one. + variables, instead of passing one by one. ## 2.4.22 @@ -2377,11 +2495,11 @@ variables, instead of passing one by one. * `agents.networkPolicy.create` * `clusterAgent.networkPolicy.create` * `clusterChecksRunner.networkPolicy.create` - The NetworkPolicy managed by the Helm chart are designed to work out-of-the-box on most setups. - In particular, the agents need to connect to the datadog intakes. NetworkPolicy can be restricted - by IP but the datadog intake IP cannot be guaranteed to be stable. - The agents are also susceptible to connect to any pod, on any port, depending on the "auto-discovery" annotations - that can be dynamically added to them. + The NetworkPolicy managed by the Helm chart are designed to work out-of-the-box on most setups. + In particular, the agents need to connect to the datadog intakes. NetworkPolicy can be restricted + by IP but the datadog intake IP cannot be guaranteed to be stable. + The agents are also susceptible to connect to any pod, on any port, depending on the "auto-discovery" annotations + that can be dynamically added to them. ## 2.4.18 
@@ -2651,7 +2769,7 @@ variables, instead of passing one by one. ## 2.2.11 * Add documentations around secret management in the datadog helm chart. It is to upstream - requested changes in the IBM charts repository: + requested changes in the IBM charts repository: [https://github.com/IBM/charts/pull/690#discussion_r411702458](https://github.com/IBM/charts/pull/690#discussion_r411702458) * update `kube-state-metrics` dependency * uncomment every values.yaml parameters for IBM chart compliancy @@ -2711,7 +2829,7 @@ variables, instead of passing one by one. ## 2.1.2 * Fixed a bug where `DD_LEADER_ELECTION` was not set in the config init container, leading to a failure to adapt -config to this environment variable. + config to this environment variable. ## 2.1.1 @@ -2730,13 +2848,13 @@ config to this environment variable. * Fix `system-probe` startup on latest versions of containerd. Here is the error that this change fixes: - ``` State: Waiting + ```State: Reason: CrashLoopBackOff Last State: Terminated Reason: StartError Message: failed to create containerd task: OCI runtime create failed: container_linux.go:349: starting container process caused "close exec fds: ensure /proc/self/fd is on procfs: operation not permitted": unknown Exit Code: 128 - ``` + ``` ## 2.0.11 diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 78206b997..399dfd998 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.88.3 +version: 3.106.1 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 20ec06684..290f5742d 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.88.3](https://img.shields.io/badge/Version-3.88.3-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.106.0](https://img.shields.io/badge/Version-3.106.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). 
@@ -525,7 +525,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.61.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.63.3"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | 
@@ -550,6 +550,7 @@ helm install \ | agents.priorityPreemptionPolicyValue | string | `"PreemptLowerPriority"` | Set to "Never" to change the PriorityClass to non-preempting | | agents.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if agents.rbac.create is true | | agents.rbac.create | bool | `true` | If true, create & use RBAC resources | +| agents.rbac.serviceAccountAdditionalLabels | object | `{}` | Labels to add to the ServiceAccount if agents.rbac.create is true | | agents.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if agents.rbac.create is true | | agents.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if agents.rbac.create is false | | agents.revisionHistoryLimit | int | `10` | The number of ControllerRevision to keep in this DaemonSet. | 
@@ -608,7 +609,8 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.61.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.63.3"` | Cluster Agent image tag to use | +| clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus | bool | `false` | Set this to true to disable use_component_status for the kube_apiserver integration. | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | 
@@ -628,6 +630,7 @@ helm install \ | clusterAgent.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if clusterAgent.rbac.create is true | | clusterAgent.rbac.create | bool | `true` | If true, create & use RBAC resources | | clusterAgent.rbac.flareAdditionalPermissions | bool | `true` | If true, add Secrets and Configmaps get/list permissions to retrieve user Datadog Helm values from Cluster Agent namespace | +| clusterAgent.rbac.serviceAccountAdditionalLabels | object | `{}` | Labels to add to the ServiceAccount if clusterAgent.rbac.create is true | | clusterAgent.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if clusterAgent.rbac.create is true | | clusterAgent.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if clusterAgent.rbac.create is false | | clusterAgent.readinessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent readiness probe settings | 
@@ -662,7 +665,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.61.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.63.3"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | 
@@ -673,6 +676,7 @@ helm install \ | clusterChecksRunner.rbac.automountServiceAccountToken | bool | `true` | If true, automatically mount the ServiceAccount's API credentials if clusterChecksRunner.rbac.create is true | | clusterChecksRunner.rbac.create | bool | `true` | If true, create & use RBAC resources | | clusterChecksRunner.rbac.dedicated | bool | `false` | If true, use a dedicated RBAC resource for the cluster checks agent(s) | +| clusterChecksRunner.rbac.serviceAccountAdditionalLabels | object | `{}` | Labels to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true | | clusterChecksRunner.rbac.serviceAccountAnnotations | object | `{}` | Annotations to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true | | clusterChecksRunner.rbac.serviceAccountName | string | `"default"` | Specify a preexisting ServiceAccount to use if clusterChecksRunner.rbac.create is false | | clusterChecksRunner.readinessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent readiness probe settings | 
@@ -693,13 +697,14 @@ helm install \ | datadog.apiKeyExistingSecret | string | `nil` | Use existing Secret which stores API key instead of creating a new one. The value should be set with the `api-key` key inside the secret. | | datadog.apm.enabled | bool | `false` | Enable this to enable APM and tracing, on port 8126 DEPRECATED. Use datadog.apm.portEnabled instead | | datadog.apm.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the trace-agent socket | -| datadog.apm.instrumentation.disabledNamespaces | list | `[]` | Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). | -| datadog.apm.instrumentation.enabled | bool | `false` | Enable injecting the Datadog APM libraries into all pods in the cluster (beta). | -| datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). | +| datadog.apm.instrumentation.disabledNamespaces | list | `[]` | Disable injecting the Datadog APM libraries into pods in specific namespaces (preview). | +| datadog.apm.instrumentation.enabled | bool | `false` | Enable injecting the Datadog APM libraries into all pods in the cluster (preview). | +| datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (preview). | | datadog.apm.instrumentation.injector.imageTag | string | `""` | The image tag to use for the APM Injector (preview). | -| datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (beta). | -| datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (beta). | +| datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (preview). 
| +| datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (preview). | | datadog.apm.instrumentation.skipKPITelemetry | bool | `false` | Disable generating Configmap for APM Instrumentation KPIs | +| datadog.apm.instrumentation.targets | list | `[]` | Enable target based workload selection (preview). Requires Cluster Agent 7.64.0+ | | datadog.apm.port | int | `8126` | Override the trace Agent port | | datadog.apm.portEnabled | bool | `false` | Enable APM over TCP communication (hostPort 8126 by default) | | datadog.apm.socketEnabled | bool | `true` | Enable APM over Socket (Unix Socket or windows named pipe) | @@ -733,6 +738,7 @@ helm install \ | datadog.disableDefaultOsReleasePaths | bool | `false` | Set this to true to disable mounting datadog.osReleasePath in all containers | | datadog.disablePasswdMount | bool | `false` | Set this to true to disable mounting /etc/passwd in all containers | | datadog.discovery.enabled | bool | `nil` | Enable Service Discovery | +| datadog.discovery.networkStats.enabled | bool | `true` | Enable Service Discovery Network Stats | | datadog.dockerSocketPath | string | `nil` | Path to the docker socket | | datadog.dogstatsd.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the DogStatsD socket | | datadog.dogstatsd.nonLocalTraffic | bool | `true` | Enable this to make each node accept non-local statsd traffic (from outside of the pod) | 
@@ -749,6 +755,9 @@ helm install \ | datadog.envFrom | list | `[]` | Set environment variables for all Agents directly from configMaps and/or secrets | | datadog.excludePauseContainer | bool | `true` | Exclude pause containers from Agent Autodiscovery. | | datadog.expvarPort | int | `6000` | Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 | +| datadog.gpuMonitoring.configureCgroupPerms | bool | `false` | Configure cgroup permissions for GPU monitoring | +| datadog.gpuMonitoring.enabled | bool | `false` | Enable GPU monitoring | +| datadog.gpuMonitoring.runtimeClassName | string | `"nvidia"` | Runtime class name for the agent pods to get access to NVIDIA resources | | datadog.helmCheck.collectEvents | bool | `false` | Set this to true to enable event collection in the Helm Check (Requires Agent 7.36.0+ and Cluster Agent 1.20.0+) This requires datadog.HelmCheck.enabled to be set to true | | datadog.helmCheck.enabled | bool | `false` | Set this to true to enable the Helm check (Requires Agent 7.35.0+ and Cluster Agent 1.19.0+) This requires clusterAgent.enabled to be set to true | | datadog.helmCheck.valuesAsTags | object | `{}` | Collects Helm values from a release and uses them as tags (Requires Agent and Cluster Agent 7.40.0+). This requires datadog.HelmCheck.enabled to be set to true | 
@@ -772,6 +781,7 @@ helm install \ | datadog.kubelet.host | object | `{"valueFrom":{"fieldRef":{"fieldPath":"status.hostIP"}}}` | Override kubelet IP | | datadog.kubelet.hostCAPath | string | None (no mount from host) | Path (on host) where the Kubelet CA certificate is stored | | datadog.kubelet.podLogsPath | string | /var/log/pods on Linux, C:\var\log\pods on Windows | Path (on host) where the PODs logs are located | +| datadog.kubelet.podResourcesSocketDir | string | /var/lib/kubelet/pod-resources | Path (on host) where the kubelet.sock socket for the PodResources API is located | | datadog.kubelet.tlsVerify | string | true | Toggle kubelet TLS verification | | datadog.kubernetesEvents.collectedEventTypes | list | `[{"kind":"Pod","reasons":["Failed","BackOff","Unhealthy","FailedScheduling","FailedMount","FailedAttachVolume"]},{"kind":"Node","reasons":["TerminatingEvictedPod","NodeNotReady","Rebooted","HostPortConflict"]},{"kind":"CronJob","reasons":["SawCompletedJob"]}]` | Event types to be collected. This requires datadog.kubernetesEvents.unbundleEvents to be set to true. | | datadog.kubernetesEvents.filteringEnabled | bool | `false` | Enable this to only include events that match the pre-defined allowed events. (Requires Cluster Agent 7.57.0+). | 
@@ -803,6 +813,8 @@ helm install \ | datadog.otelCollector.config | string | `nil` | OTel collector configuration | | datadog.otelCollector.enabled | bool | `false` | Enable the OTel Collector | | datadog.otelCollector.ports | list | `[{"containerPort":"4317","name":"otel-grpc"},{"containerPort":"4318","name":"otel-http"}]` | Ports that OTel Collector is listening | +| datadog.otelCollector.rbac.create | bool | `true` | If true, check OTel Collector config for k8sattributes processor and create required ClusterRole to access Kubernetes API | +| datadog.otelCollector.rbac.rules | list | `[]` | A set of additional RBAC rules to apply to OTel Collector's ClusterRole | | datadog.otlp.logs.enabled | bool | `false` | Enable logs support in the OTLP ingest endpoint | | datadog.otlp.receiver.protocols.grpc.enabled | bool | `false` | Enable the OTLP/gRPC endpoint | | datadog.otlp.receiver.protocols.grpc.endpoint | string | `"0.0.0.0:4317"` | OTLP/gRPC endpoint | 
@@ -855,6 +867,12 @@ helm install \ | datadog.securityAgent.runtime.useSecruntimeTrack | bool | `true` | Set to true to send Cloud Workload Security (CWS) events directly to the Agent events explorer | | datadog.securityContext | object | `{"runAsUser":0}` | Allows you to overwrite the default PodSecurityContext on the Daemonset or Deployment | | datadog.serviceMonitoring.enabled | bool | `false` | Enable Universal Service Monitoring | +| datadog.serviceMonitoring.http2MonitoringEnabled | string | `nil` | Enable HTTP2 & gRPC monitoring for Universal Service Monitoring (Requires Agent 7.53.0+ and kernel 5.2 or later). Empty values use the default setting in the datadog agent. | +| datadog.serviceMonitoring.httpMonitoringEnabled | string | `nil` | Enable HTTP monitoring for Universal Service Monitoring (Requires Agent 7.40.0+). Empty values use the default setting in the datadog agent. | +| datadog.serviceMonitoring.tls.go.enabled | bool | `nil` | Enable TLS monitoring for Golang services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent. | +| datadog.serviceMonitoring.tls.istio.enabled | bool | `nil` | Enable TLS monitoring for Istio services (Requires Agent 7.50.0+). Empty values use the default setting in the datadog agent. | +| datadog.serviceMonitoring.tls.native.enabled | bool | `nil` | Enable TLS monitoring for native (openssl, libssl, gnutls) services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent. | +| datadog.serviceMonitoring.tls.nodejs.enabled | bool | `nil` | Enable TLS monitoring for Node.js services (Requires Agent 7.54.0+). Empty values use the default setting in the datadog agent. | | datadog.site | string | `nil` | The site of the Datadog intake to send Agent data to. 
(documentation: https://docs.datadoghq.com/getting_started/site/) | | datadog.systemProbe.apparmor | string | `"unconfined"` | Specify a apparmor profile for system-probe | | datadog.systemProbe.bpfDebug | bool | `false` | Enable logging for kernel debug | @@ -885,7 +903,7 @@ helm install \ | fips.image.name | string | `"fips-proxy"` | | | fips.image.pullPolicy | string | `"IfNotPresent"` | Datadog the FIPS sidecar image pull policy | | fips.image.repository | string | `nil` | Override default registry + image.name for the FIPS sidecar container. | -| fips.image.tag | string | `"1.1.6"` | Define the FIPS sidecar container version to use. | +| fips.image.tag | string | `"1.1.8"` | Define the FIPS sidecar container version to use. | | fips.local_address | string | `"127.0.0.1"` | Set local IP address | | fips.port | int | `9803` | Specifies which port is used by the containers to communicate to the FIPS sidecar. | | fips.portRange | int | `15` | Specifies the number of ports used, defaults to 13 https://github.com/DataDog/datadog-agent/blob/7.44.x/pkg/config/config.go#L1564-L1577 | diff --git a/charts/datadog/ci/agent-otel-collector-with-rbac-custom-rules-values.yaml b/charts/datadog/ci/agent-otel-collector-with-rbac-custom-rules-values.yaml new file mode 100644 index 000000000..c89789c1b --- /dev/null +++ b/charts/datadog/ci/agent-otel-collector-with-rbac-custom-rules-values.yaml 
@@ -0,0 +1,47 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true + rbac: + create: true + rules: + - apiGroups: [""] + resources: ["nodes"] + verbs: ["get", "watch", "list"] + config: | + processors: + k8sattributes/passthrough: + passthrough: true + k8sattributes: + receivers: + otlp: + exporters: + datadog: + api: + key: "00000000000000000000000000000000" + service: + pipelines: + traces: + receivers: [otlp] + processors: [k8sattributes] + exporters: [datadog] + metrics: + receivers: [otlp] + processors: [k8sattributes] + exporters: [datadog] + logs: + receivers: [otlp] + processors: [k8sattributes] + exporters: [datadog] diff --git a/charts/datadog/ci/agent-otel-collector-with-rbac-values.yaml b/charts/datadog/ci/agent-otel-collector-with-rbac-values.yaml new file mode 100644 index 000000000..d5596eb02 --- /dev/null +++ b/charts/datadog/ci/agent-otel-collector-with-rbac-values.yaml @@ -0,0 +1,41 @@ +targetSystem: "linux" +agents: + image: + repository: datadog/agent-dev + tag: nightly-ot-beta-main + doNotCheckTag: true + containers: + agent: + env: + - name: DD_HOSTNAME + value: "datadog" +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + otelCollector: + enabled: true + config: | + processors: + k8sattributes: + k8sattributes/passthrough: + passthrough: true + receivers: + otlp: + exporters: + datadog: + api: + key: "00000000000000000000000000000000" + service: + pipelines: + traces: + receivers: [otlp] + processors: [k8sattributes] + exporters: [datadog] + metrics: + receivers: [otlp] + processors: [k8sattributes] + exporters: [datadog] + logs: + receivers: [otlp] + processors: [k8sattributes] + exporters: [datadog] 
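Review bot: Both new OTel collector fixtures (this file and `agent-otel-collector-with-rbac-values.yaml` after it) pull `datadog/agent-dev` at the floating tag `nightly-ot-beta-main` with `doNotCheckTag: true`, so the image the install test runs changes from day to day and is not tied to a reviewed build. The same change set pins the workflow actions to commit SHAs; if a fixed build of this image exists, pinning the fixture the same way, e.g. `tag: <pinned-tag>` (placeholder), keeps CI results reproducible. If the nightly is needed because the feature is unreleased, a first-line comment such as `# nightly image required until otel-agent RBAC support is released` would record that.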
diff --git a/charts/datadog/ci/agent-with-additional-rbac-label-values.yaml b/charts/datadog/ci/agent-with-additional-rbac-label-values.yaml new file mode 100644 index 000000000..d30828525 --- /dev/null +++ b/charts/datadog/ci/agent-with-additional-rbac-label-values.yaml @@ -0,0 +1,6 @@ +agents: + enabled: true + rbac: + enabled: true + serviceAccountAdditionalLabels: + "app.kubernetes.io/custom-label": custom-value diff --git a/charts/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml b/charts/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml index e16325d78..63d36fa8b 100644 --- a/charts/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml +++ b/charts/datadog/ci/apm-single-step-instrumentation-admission-controller-values.yaml @@ -8,3 +8,16 @@ clusterAgent: enabled: true admissionController: enabled: true + targets: + - name: "example" + podSelector: + matchLabels: + language: "python" + namespaceSelector: + matchNames: + - "applications" + ddTraceVersions: + python: "v2" + ddTraceConfigs: + - name: "DD_PROFILING_ENABLED" + value: "true" diff --git a/charts/datadog/ci/cluster-agent-and-worker-with-dedicated-rbac-label-values.yaml b/charts/datadog/ci/cluster-agent-and-worker-with-dedicated-rbac-label-values.yaml new file mode 100644 index 000000000..571db5a6f --- /dev/null +++ b/charts/datadog/ci/cluster-agent-and-worker-with-dedicated-rbac-label-values.yaml @@ -0,0 +1,21 @@ +datadog: + apiKey: "00000000000000000000000000000000" + appKey: "0000000000000000000000000000000000000000" + kubeStateMetricsEnabled: false + clusterChecks: + enabled: true + +clusterAgent: + enabled: true + rbac: + create: true + serviceAccountAdditionalLabels: + "app.kubernetes.io/custom-label": custom-value + +clusterChecksRunner: + enabled: true + replicas: 1 + rbac: + dedicated: true + serviceAccountAdditionalLabels: + "app.kubernetes.io/custom-label": custom-value 
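Review bot: `rbac.enabled: true` in `agent-with-additional-rbac-label-values.yaml` is not a key the chart documents; the README table in this diff lists `agents.rbac.create`, and the sibling fixture `cluster-agent-and-worker-with-dedicated-rbac-label-values.yaml` uses `rbac.create`. The test presumably still renders the ServiceAccount only because `agents.rbac.create` defaults to `true`, so the fixture does not actually state the precondition the README gives for `serviceAccountAdditionalLabels`. Change the line to `create: true`.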
diff --git a/charts/datadog/ci/gke-autopilot-cri-less-values.yaml b/charts/datadog/ci/gke-autopilot-cri-less-values.yaml index be7beadf1..5ac38cbd8 100644 --- a/charts/datadog/ci/gke-autopilot-cri-less-values.yaml +++ b/charts/datadog/ci/gke-autopilot-cri-less-values.yaml @@ -2,6 +2,8 @@ datadog: apiKey: "00000000000000000000000000000000" appKey: "0000000000000000000000000000000000000000" + envDict: + DD_CI: true logs: enabled: true diff --git a/charts/datadog/ci/gke-autopilot-values.yaml b/charts/datadog/ci/gke-autopilot-values.yaml index 8be7f339f..87a904cbe 100644 --- a/charts/datadog/ci/gke-autopilot-values.yaml +++ b/charts/datadog/ci/gke-autopilot-values.yaml @@ -5,6 +5,8 @@ providers: datadog: apiKey: "00000000000000000000000000000000" appKey: "0000000000000000000000000000000000000000" + envDict: + DD_CI: true logs: enabled: true diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 692d62f9b..084949e10 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -337,7 +337,7 @@ You are using datadog.orchestratorExplorer.enabled but you disabled the cluster To enable it please set clusterAgent.enabled to 'true'. {{- end }} -{{- if .Values.providers.gke.autopilot}} +{{- if and (.Values.providers.gke.autopilot) (not .Values.datadog.envDict.DD_CI)}} ########################################################################################### #### WARNING: Only one Datadog chart release allowed by namespace on GKE Autopilot #### 
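Review bot: The added `(not .Values.datadog.envDict.DD_CI)` in the `NOTES.txt` condition lets any release that sets `datadog.envDict.DD_CI` skip the whole GKE Autopilot section, which, judging by the following hunks, contains `fail` guards and not only the warning banner. `envDict` is a user-facing value that is presumably also exported to the Agent containers, so a switch meant for the two CI fixtures above becomes an undocumented way to bypass chart validation on real installs. Keeping `{{- if .Values.providers.gke.autopilot}}` on the block and wrapping only the banner text in `{{- if not .Values.datadog.envDict.DD_CI }}` would limit what the switch can turn off. The matching `{{- end }}` is outside this hunk.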
@@ -347,12 +347,12 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes * The serviceAccountName must be "datadog-agent". * All ConfigMap names mounted must be hardcode. -{{- if eq (include "system-probe-feature" .) "true" }} +{{- if and (eq (include "system-probe-feature" .) "true") (eq (include "gke-autopilot-workloadallowlists-enabled" .) "false") }} -##################################################################### -#### WARNING: System Probe is not supported on GKE Autopilot #### -##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill', 'datadog.serviceMonitoring.enabled' and 'datadog.discovery.enabled' must be set 'false'" }} +############################################################################################## +#### WARNING: System Probe on GKE Autopilot requires GKE v1.32.1-gke.1729000 or later #### +############################################################################################## +{{- fail "System Probe on GKE Autopilot environments requires GKE v1.32.1-gke.1729000 or later. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill', 'datadog.serviceMonitoring.enabled' and 'datadog.discovery.enabled' must be set 'false'" }} {{- end }} 
@@ -412,27 +412,31 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- end }} -{{- if .Values.datadog.networkMonitoring.enabled }} +{{- end }} + +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc }} + +{{- if or .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.host.enabled }} ####################################################################################### -#### WARNING: Network Performance Monitoring is not supported on GKE Autopilot #### +#### WARNING: SBOM Monitoring is not supported on GKE Autopilot #### ####################################################################################### -{{- fail "On GKE Autopilot environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} +On GKE Autopilot environments, SBOM Monitoring is not supported. The options 'datadog.sbom.containerImage.enabled' and 'datadog.sbom.host.enabled' must be set to 'false'. {{- end }} {{- end }} -{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc }} +{{- if .Values.providers.gke.gdc }} -{{- if or .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.host.enabled }} +{{- if .Values.datadog.networkMonitoring.enabled }} ####################################################################################### -#### WARNING: SBOM Monitoring is not supported on GKE Autopilot #### +#### WARNING: Network Performance Monitoring is not supported on GKE GDC #### ####################################################################################### -On GKE Autopilot environments, SBOM Monitoring is not supported. The options 'datadog.sbom.containerImage.enabled' and 'datadog.sbom.host.enabled' must be set to 'false'. +{{- fail "On GKE GDC environments, Network Performance Monitoring is not supported. The option 'datadog.networkMonitoring.enabled' must be set to 'false'" }} {{- end }} 
diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 6a313d47f..e58606c7f 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -63,6 +63,12 @@ {{- include "containers-common-env" . | nindent 4 }} {{- include "fips-envvar" . | nindent 4 }} {{- include "processes-common-envs" . | nindent 4 }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + - name: DD_AGENT_IPC_PORT + value: "5009" + - name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL + value: "60" + {{- end }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL @@ -163,17 +169,15 @@ value: {{ .Values.datadog.checksCardinality | quote }} {{- end }} - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} + value: {{ .Values.datadog.containerLifecycle.enabled | quote | default "true" }} - name: DD_ORCHESTRATOR_EXPLORER_ENABLED value: {{ (include "should-enable-k8s-resource-monitoring" .) | quote }} - name: DD_EXPVAR_PORT value: {{ .Values.datadog.expvarPort | quote }} - name: DD_COMPLIANCE_CONFIG_ENABLED value: {{ .Values.datadog.securityAgent.compliance.enabled | quote }} - {{- if eq (include "should-enable-container-image-collection" .) "true" }} - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - {{- end }} + value: {{ include "should-enable-container-image-collection" . | quote }} {{- if or (eq (include "should-enable-sbom-host-fs-collection" .) "true") (eq (include "should-enable-sbom-container-image-collection" .) "true") }} - name: DD_SBOM_ENABLED value: "true" 
@@ -205,6 +209,15 @@ - name: DD_OTELCOLLECTOR_ENABLED value: "true" {{- end }} + {{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: {{ printf "%s/kubelet.sock" .Values.datadog.kubelet.podResourcesSocketDir | quote }} + {{- end }} + {{- if .Values.datadog.gpuMonitoring.enabled }} + # depending on the NVIDIA container toolkit configuration, we might need to request visible devices via this env var or via the /var/run/nvidia-container-devices/all volume mount + - name: NVIDIA_VISIBLE_DEVICES + value: all + {{- end }} {{- include "additional-env-entries" .Values.agents.containers.agent.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.agent.envDict | indent 4 }} volumeMounts: @@ -241,6 +254,11 @@ readOnly: true {{- end }} {{- if eq .Values.targetSystem "linux" }} + {{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} + - name: pod-resources-socket + mountPath: {{ .Values.datadog.kubelet.podResourcesSocketDir }} + readOnly: false + {{- end }} {{- if not .Values.providers.gke.gdc }} - name: dsdsocket mountPath: {{ (dir .Values.datadog.dogstatsd.socketPath) }} @@ -295,6 +313,9 @@ - name: host-docker-dir mountPath: /host/var/lib/docker readOnly: true + - name: host-crio-dir + mountPath: /host/var/lib/containers + readOnly: true {{- end }} {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - name: host-apk-dir diff --git a/charts/datadog/templates/_container-host-release-volumemounts.yaml b/charts/datadog/templates/_container-host-release-volumemounts.yaml index af1cfea68..189a06f10 100644 --- a/charts/datadog/templates/_container-host-release-volumemounts.yaml +++ b/charts/datadog/templates/_container-host-release-volumemounts.yaml 
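Review bot: The `pod-resources-socket` mount added under `volumeMounts` in `_container-agent.yaml` exposes a kubelet host directory to the core agent with `readOnly: false`, and it is rendered for every Linux install outside GDC and Autopilot rather than only when a feature needs it. Connecting to a Unix socket does not need a writable mount, so `readOnly: true` should be enough if the agent only talks to `kubelet.sock`. Consider also gating the mount, the `DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET` variable in the previous hunk and the matching hostPath volume in `_daemonset-volumes-linux.yaml` on the option that consumes the socket, since clusters that restrict hostPath volumes will otherwise see a new mount on upgrade. The `volumeMounts` list starts and ends outside the hunk.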
@@ -1,6 +1,5 @@ {{- define "linux-container-host-release-volumemounts" -}} -{{- if or .Values.datadog.osReleasePath .Values.datadog.systemProbe.osReleasePath }} - {{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} +{{- if eq (include "should-add-host-path-for-os-release-file" .) "true" }} {{- if eq (include "should-enable-system-probe" .) "true" }} - name: os-release-file mountPath: /host{{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} @@ -12,4 +11,3 @@ {{- end }} {{- end }} {{- end }} -{{- end }} diff --git a/charts/datadog/templates/_container-otel-agent.yaml b/charts/datadog/templates/_container-otel-agent.yaml index 193748157..67793f402 100644 --- a/charts/datadog/templates/_container-otel-agent.yaml +++ b/charts/datadog/templates/_container-otel-agent.yaml 
@@ -3,10 +3,10 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} {{- if eq .Values.targetSystem "linux" }} - command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml"] + command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml", "--sync-delay=30s"] {{- end -}} {{- if eq .Values.targetSystem "windows" }} - command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml"] + command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml", "--sync-delay=30s"] {{- end -}} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.otelAgent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} resources: @@ -32,6 +32,10 @@ env: {{- include "containers-common-env" . | nindent 4 }} {{- include "containers-cluster-agent-env" . | nindent 4 }} + - name: DD_AGENT_IPC_PORT + value: "5009" + - name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL + value: "60" {{- include "fips-envvar" . | nindent 4 }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.otelAgent.logLevel | default .Values.datadog.logLevel | quote }} diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index 6e3127392..04416040e 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml 
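Review bot: `DD_AGENT_IPC_PORT` (`"5009"`) and `DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL` (`"60"`) are hard-coded in the `env` hunk here and again in `_container-agent.yaml`, with nothing tying the two copies together. The two containers presumably have to agree on the port, so define the pair once in a named template that both files include, or at least add `# keep in sync with DD_AGENT_IPC_PORT in _container-agent.yaml` above the entry. The same applies to the literal `--sync-delay=30s` repeated in the Linux and Windows `command` lines of the first hunk. A fixed port with no values override is also worth documenting for agents that run with host networking, where it can collide with another listener.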
@@ -3,7 +3,7 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.systemProbe.securityContext "targetSystem" .Values.targetSystem "seccomp" .Values.datadog.systemProbe.seccomp "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} - command: ["/opt/datadog-agent/embedded/bin/system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] + command: ["system-probe", "--config=/etc/datadog-agent/system-probe.yaml"] {{- if .Values.agents.containers.systemProbe.ports }} ports: {{ toYaml .Values.agents.containers.systemProbe.ports | indent 2 }} @@ -21,18 +21,25 @@ {{- include "containers-common-env" . | nindent 4 }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.systemProbe.logLevel | default .Values.datadog.logLevel | quote }} - {{- if .Values.datadog.serviceMonitoring.enabled }} + {{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.gpuMonitoring.enabled }} - name: HOST_ROOT value: "/host/root" {{- end }} + {{- if .Values.datadog.gpuMonitoring.enabled }} + # depending on the NVIDIA container toolkit configuration, we might need to request visible devices via this env var or via the /var/run/nvidia-container-devices/all volume mount + - name: NVIDIA_VISIBLE_DEVICES + value: all + {{- end }} {{- include "additional-env-entries" .Values.agents.containers.systemProbe.env | indent 4 }} {{- include "additional-env-dict-entries" .Values.agents.containers.systemProbe.envDict | indent 4 }} resources: {{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }} volumeMounts: + {{- if (not .Values.providers.gke.autopilot) }} - name: auth-token mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true + {{- end }} - name: logdatadog mountPath: {{ template "datadog.logDirectoryPath" . }} readOnly: false # Need RW to write logs 
@@ -70,14 +77,14 @@ mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true -{{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.networkMonitoring.enabled .Values.datadog.discovery.enabled }} +{{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.networkMonitoring.enabled .Values.datadog.discovery.enabled .Values.datadog.gpuMonitoring.enabled }} - name: cgroups mountPath: /host/sys/fs/cgroup mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- end }} {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} - {{- if (eq (include "should-add-host-path-for-os-release-paths" .) "true") }} + {{- if (eq (include "should-add-host-path-for-os-release-paths" .) "true") }} {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} - name: etc-redhat-release mountPath: /host/etc/redhat-release @@ -94,12 +101,16 @@ readOnly: true {{- end }} {{- end }} -{{- if .Values.datadog.serviceMonitoring.enabled }} +{{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.gpuMonitoring.enabled }} - name: hostroot mountPath: /host/root mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- end }} +{{- if .Values.datadog.gpuMonitoring.enabled }} + - name: gpu-devices + mountPath: /var/run/nvidia-container-devices/all +{{- end }} {{- if and (eq (include "runtime-compilation-enabled" .) "true") .Values.datadog.systemProbe.enableDefaultKernelHeadersPaths }} - name: modules mountPath: /lib/modules diff --git a/charts/datadog/templates/_containers-init-linux.yaml b/charts/datadog/templates/_containers-init-linux.yaml index 8bb250fcf..13f8c79a5 100644 --- a/charts/datadog/templates/_containers-init-linux.yaml +++ b/charts/datadog/templates/_containers-init-linux.yaml 
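Review bot: With the widened conditions in these hunks, turning on `datadog.gpuMonitoring.enabled` now also mounts the host cgroup tree and the host root (`/host/root`) into system-probe, which is a larger host exposure than the option name suggests and is not explained in the template. A short comment above the `hostroot` condition would help, for example `# GPU monitoring also sets HOST_ROOT=/host/root (see env above), so it gets the hostroot mount`. The new `gpu-devices` mount is the only one in the hunk without an explicit `readOnly`; its volume is a hostPath to `/dev/null` in `_daemonset-volumes-linux.yaml`, so stating `readOnly: true` (if the NVIDIA toolkit accepts it) would match the neighbouring mounts.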
@@ -1,8 +1,6 @@ {{- define "containers-init-linux" -}} - name: init-volume -{{- if not .Values.providers.gke.autopilot }} {{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} -{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: ["bash", "-c"] @@ -19,9 +17,7 @@ {{ toYaml .Values.agents.containers.initContainers.resources | indent 4 }} {{- end }} - name: init-config -{{- if not .Values.providers.gke.autopilot }} {{- include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} -{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index d4ec7904f..4916c18cf 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -10,6 +10,11 @@ configMap: name: {{ include "agents.confd-configmap-name" . }} {{- end }} +{{- if and (not .Values.providers.gke.gdc) (not .Values.providers.gke.autopilot) }} +- name: pod-resources-socket + hostPath: + path: {{ .Values.datadog.kubelet.podResourcesSocketDir }} +{{- end }} {{- if not .Values.providers.gke.gdc }} - hostPath: path: /proc 
@@ -17,7 +22,7 @@ - hostPath: path: /sys/fs/cgroup name: cgroups -{{- if and (not .Values.providers.gke.autopilot) (or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled) }} +{{- if eq (include "should-add-host-path-for-os-release-file" .) "true"}} - hostPath: path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file @@ -148,7 +153,7 @@ path: /etc/passwd name: passwd {{- end }} -{{- if or (and (eq (include "should-enable-system-probe" .) "true") .Values.datadog.serviceMonitoring.enabled) (and (eq (include "should-enable-security-agent" .) "true") .Values.datadog.securityAgent.compliance.enabled) }} +{{- if or (and (eq (include "should-enable-system-probe" .) "true") (or .Values.datadog.serviceMonitoring.enabled .Values.datadog.gpuMonitoring.enabled)) (and (eq (include "should-enable-security-agent" .) "true") .Values.datadog.securityAgent.compliance.enabled) }} - hostPath: path: / name: hostroot @@ -160,6 +165,9 @@ - hostPath: path: /var/lib/docker name: host-docker-dir +- hostPath: + path: /var/lib/containers + name: host-crio-dir {{- end }} {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - hostPath: @@ -216,4 +224,9 @@ secretName: datadog-kubelet-cert name: kubelet-cert-volume {{- end }} +{{- if .Values.datadog.gpuMonitoring.enabled }} +- name: gpu-devices + hostPath: + path: /dev/null +{{- end }} {{- end -}} diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index 0cebfd456..2d2704430 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl 
@@ -49,6 +49,44 @@ false {{- end -}} {{- end -}} +{{/* +Check if target cluster is running GKE Autopilot. +*/}} +{{- define "is-autopilot" -}} +{{- if .Values.providers.gke.autopilot -}} +{{- $nodes := (lookup "v1" "Node" "" "").items }} +{{- if and $nodes (gt (len $nodes) 0) -}} +{{- $node := index $nodes 0 -}} +{{- if hasPrefix "gk3" $node.metadata.name -}} +true +{{- else -}} +false +{{- end -}} +{{- else -}} +false +{{- end -}} +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{/* +Check if target cluster supports GKE Autopilot WorkloadAllowlists. +*/}} +{{- define "gke-autopilot-workloadallowlists-enabled" -}} +{{- $nodes := (lookup "v1" "Node" "" "").items }} +{{- if and $nodes (gt (len $nodes) 0) -}} +{{- $node := index $nodes 0 -}} +{{- if and (eq (include "is-autopilot" .) "true") (semverCompare ">=v1.32.1-gke.1729000" $node.status.nodeInfo.kubeletVersion) -}} +true +{{- else -}} +false +{{- end }} +{{- else -}} +false +{{- end }} +{{- end }} + {{- define "agent-has-env-ad" -}} {{- if not .Values.agents.image.doNotCheckTag -}} {{- $version := (include "get-agent-version" .) -}} @@ -117,7 +155,21 @@ false {{- end -}} {{- end -}} - +{{/* +Return true if k8sattributes RBAC rules should be added to the OTel Agent ClusterRole +*/}} +{{- define "should-add-otel-agent-k8sattributes-rules" -}} +{{- $return := false }} +{{- $config := .Values.datadog.otelCollector.config | default "" | fromYaml }} +{{- range $key, $val := $config.processors }} + {{- if hasPrefix "k8sattributes" $key }} + {{- if or (empty $val) (empty $val.passthrough) }} + {{- $return = true }} + {{- end }} + {{- end }} +{{- end }} +{{- $return }} +{{- end -}} {{/* Return secret name to be used based on provided values. 
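Review bot: The two new helpers `is-autopilot` and `gke-autopilot-workloadallowlists-enabled` decide from `lookup "v1" "Node" "" ""`, and their doc comments do not mention the limits of that. `lookup` returns an empty result when the chart is rendered without cluster access (`helm template`, client-side dry run), so both helpers yield `false` there and the rendered manifests can differ from what an install produces; it also needs permission to list Nodes cluster-wide. Only the first Node returned is inspected, for the `gk3` name prefix and for `kubeletVersion`, so a cluster with mixed node versions during an upgrade is judged by whichever node comes first. I would extend the comments to say so, e.g. `Relies on lookup: returns "false" under helm template / client-side dry run, and inspects only the first Node returned.`, and consider an explicit values override for rendered-manifest workflows.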
@@ -297,7 +349,7 @@ eu.gcr.io/datadoghq public.ecr.aws/datadog {{- else if eq .datadog.site "ap1.datadoghq.com" -}} asia.gcr.io/datadoghq -{{- else if eq .datadog.site "us3.datadoghq.com" -}} +{{- else if and (eq .datadog.site "us3.datadoghq.com") (not .providers.gke.autopilot) -}} datadoghq.azurecr.io {{- else -}} gcr.io/datadoghq @@ -331,7 +383,7 @@ Return a remote image path based on `.Values` (passed as root) and `.` (any `.im Return true if a system-probe feature is enabled. */}} {{- define "system-probe-feature" -}} -{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled .Values.datadog.discovery.enabled -}} +{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled .Values.datadog.discovery.enabled .Values.datadog.gpuMonitoring.enabled -}} true {{- else -}} false @@ -342,7 +394,7 @@ false Return true if the system-probe container should be created. */}} {{- define "should-enable-system-probe" -}} -{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") -}} +{{- if or (and (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc)) (eq (include "gke-autopilot-workloadallowlists-enabled" . ) "true") -}} true {{- else -}} false 
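Review bot: In `should-enable-system-probe`, the second operand of the new `or` turns the helper `true` whenever `gke-autopilot-workloadallowlists-enabled` is `true`, even if no system-probe feature is enabled and without the `targetSystem` check. That renders the system-probe container on every supporting Autopilot cluster regardless of configuration. If the intent is only to stop excluding such clusters, keep the feature check mandatory: `{{- if and (eq (include "system-probe-feature" .) "true") (eq .Values.targetSystem "linux") (not .Values.providers.gke.gdc) (or (not .Values.providers.gke.autopilot) (eq (include "gke-autopilot-workloadallowlists-enabled" .) "true")) -}}`. If the container is required by the allowlisted pod shape, the helper's comment should say so.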
@@ -387,7 +439,8 @@ false Return true if the security-agent container should be created. */}} {{- define "should-enable-security-agent" -}} -{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc )) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" .) "true") -}} +{{- if and (not .Values.providers.gke.gdc ) (eq .Values.targetSystem "linux") (eq (include "security-agent-feature" +.) "true") -}} true {{- else -}} false @@ -409,7 +462,7 @@ false Return true if the runtime security features should be enabled. */}} {{- define "should-enable-runtime-security" -}} -{{- if and (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} +{{- if and (not .Values.providers.gke.gdc) (or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled) -}} true {{- else -}} false @@ -699,7 +752,18 @@ Return Kubelet volumeMount Return true if the Cluster Agent needs a confd configmap */}} {{- define "need-cluster-agent-confd" -}} -{{- if (or (.Values.clusterAgent.confd) (.Values.datadog.kubeStateMetricsCore.enabled) (.Values.clusterAgent.advancedConfd) (.Values.datadog.helmCheck.enabled)) -}} +{{- if (or (.Values.clusterAgent.confd) (.Values.datadog.kubeStateMetricsCore.enabled) (.Values.clusterAgent.advancedConfd) (.Values.datadog.helmCheck.enabled) (.Values.datadog.collectEvents) (.Values.clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus)) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{/* +Return true if kubernetes_apiserver check should be configured +*/}} +{{- define "need-kubernetes-apiserver-check-config" -}} +{{- if or (.Values.datadog.collectEvents) (.Values.clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus) -}} true {{- else -}} false 
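Review bot: `should-enable-security-agent` and `should-enable-runtime-security` drop the Autopilot exclusion outright instead of replacing it with the version check used elsewhere in this change. On an Autopilot cluster where `gke-autopilot-workloadallowlists-enabled` is `false`, these helpers can now return `true`; the `fail` guard in NOTES.txt is keyed on `system-probe-feature`, which as listed in this diff does not include `datadog.securityAgent.compliance.enabled`. Adding `(or (not .Values.providers.gke.autopilot) (eq (include "gke-autopilot-workloadallowlists-enabled" .) "true"))` to both `and` conditions would keep older clusters on the previous behaviour. The `should-enable-security-agent` action is also split across two lines in the middle of `(include "security-agent-feature" .)`; joining it back onto one line keeps it readable.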
@@ -732,7 +796,7 @@ Return the local service name Return true if runtime compilation is enabled in the system-probe */}} {{- define "runtime-compilation-enabled" -}} -{{- if or .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled -}} +{{- if or .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled (and .Values.datadog.discovery.enabled .Values.datadog.discovery.networkStats.enabled) -}} true {{- else -}} false @@ -985,7 +1049,6 @@ Create RBACs for custom resources false {{- end -}} {{- end -}} - {{/* Return true if any process-related check is enabled */}} @@ -1015,7 +1078,7 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} - {{- if or .Values.providers.gke.gdc .Values.providers.gke.autopilot -}} + {{- if or (.Values.providers.gke.gdc) (and (.Values.providers.gke.autopilot) (not (eq (include "gke-autopilot-workloadallowlists-enabled" .) "true"))) -}} false {{- else if ne .Values.targetSystem "linux" -}} false @@ -1056,6 +1119,27 @@ Create RBACs for custom resources {{- end -}} {{- end -}} +{{/* + Returns true if Host path for os-release-file needs to be added to the volumes. +*/}} +{{- define "should-add-host-path-for-os-release-file" -}} +{{- if .Values.providers.gke.gdc -}} +false +{{- end }} +{{- if or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled -}} +{{- if .Values.providers.gke.autopilot -}} +{{- if eq (include "gke-autopilot-workloadallowlists-enabled" .) "true" -}} +true +{{- else -}} +false +{{- end -}} +{{- else -}} +true +{{- end -}} +{{- else -}} +false +{{- end -}} +{{- end -}} {{/* Returns true if Host paths for default OS Release Paths need to be added to the volumes. 
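Review bot: In the new `should-add-host-path-for-os-release-file` helper the GDC branch is closed with `{{- end }}` before the main `if`, so on GDC the template prints `false` and then falls through and prints a second value (`falsetrue` or `falsefalse`). Callers compare the result with `"true"`, so this happens to behave as false today, but any caller testing for `"false"` or negating the output would get it wrong. Chain the branches instead: replace the `{{- end }}` and the following `if` with `{{- else if or .Values.datadog.systemProbe.osReleasePath .Values.datadog.osReleasePath .Values.datadog.sbom.host.enabled -}}` and drop one closing `{{- end -}}`. Note also that the condition is true when only `datadog.sbom.host.enabled` is set, in which case the `os-release-file` path rendered by the callers comes from the two `osReleasePath` values and may be empty.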
@@ -1063,6 +1147,8 @@ Create RBACs for custom resources {{- define "should-add-host-path-for-os-release-paths" -}} {{- if ne .Values.targetSystem "linux" -}} false + {{- else if .Values.providers.gke.autopilot -}} + false {{- else if .Values.providers.talos.enabled -}} false {{- else if (and .Values.datadog.systemProbe.enableDefaultOsReleasePaths (not .Values.datadog.disableDefaultOsReleasePaths)) -}} diff --git a/charts/datadog/templates/_kubernetes_apiserver_config.yaml b/charts/datadog/templates/_kubernetes_apiserver_config.yaml index 208e21594..b1849c6d0 100644 --- a/charts/datadog/templates/_kubernetes_apiserver_config.yaml +++ b/charts/datadog/templates/_kubernetes_apiserver_config.yaml @@ -1,13 +1,19 @@ {{- define "kubernetes_apiserver-config" -}} -{{- if .Values.datadog.collectEvents -}} +{{- if eq (include "need-kubernetes-apiserver-check-config" .) "true" }} kubernetes_apiserver.yaml: |- init_config: instances: - - filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled }} + - +{{- if .Values.datadog.collectEvents }} + filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled }} unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} {{- if .Values.datadog.kubernetesEvents.unbundleEvents }} collected_event_types: {{ .Values.datadog.kubernetesEvents.collectedEventTypes | toYaml | nindent 8 }} {{- end -}} +{{- end }} +{{- if .Values.clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus }} + use_component_status: false +{{- end }} {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/_system-probe-init.yaml b/charts/datadog/templates/_system-probe-init.yaml index cfea181fc..a9defec32 100644 --- a/charts/datadog/templates/_system-probe-init.yaml +++ b/charts/datadog/templates/_system-probe-init.yaml 
@@ -1,8 +1,6 @@ {{- define "system-probe-init" -}} - name: seccomp-setup -{{- if not .Values.providers.gke.autopilot }} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.initContainers.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} -{{- end }} image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: diff --git a/charts/datadog/templates/agent-clusterchecks-rbac.yaml b/charts/datadog/templates/agent-clusterchecks-rbac.yaml index fd81988d6..cf95e646e 100644 --- a/charts/datadog/templates/agent-clusterchecks-rbac.yaml +++ b/charts/datadog/templates/agent-clusterchecks-rbac.yaml @@ -24,6 +24,9 @@ metadata: chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} +{{- if .Values.clusterChecksRunner.rbac.serviceAccountAdditionalLabels -}} +{{ tpl (toYaml .Values.clusterChecksRunner.rbac.serviceAccountAdditionalLabels) . | nindent 4}} +{{- end }} name: {{ template "datadog.fullname" . }}-cluster-checks namespace: {{ .Release.Namespace }} {{- if .Values.clusterChecksRunner.rbac.serviceAccountAnnotations }} diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 7ccbea457..9709b5f8c 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml 
@@ -288,6 +288,10 @@ spec: - name: DD_APM_INSTRUMENTATION_LIB_VERSIONS value: {{ .Values.datadog.apm.instrumentation.libVersions | toJson | quote }} {{- end }} + {{- if .Values.datadog.apm.instrumentation.targets }} + - name: DD_APM_INSTRUMENTATION_TARGETS + value: {{ .Values.datadog.apm.instrumentation.targets | toJson | quote }} + {{- end }} {{- if .Values.datadog.apm.instrumentation.injector.imageTag }} - name: DD_APM_INSTRUMENTATION_INJECTOR_IMAGE_TAG value: {{ .Values.datadog.apm.instrumentation.injector.imageTag | quote }} @@ -493,7 +497,7 @@ spec: - key: helm.yaml path: helm.yaml {{- end }} -{{- if .Values.datadog.collectEvents }} +{{- if eq (include "need-kubernetes-apiserver-check-config" .) "true" }} - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml {{- end }} diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 8bf355ebb..773363f1f 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -364,6 +364,9 @@ metadata: heritage: {{ .Release.Service | quote }} release: {{ .Release.Name | quote }} {{ include "datadog.labels" . | indent 4 }} +{{- if .Values.clusterAgent.rbac.serviceAccountAdditionalLabels -}} +{{ tpl (toYaml .Values.clusterAgent.rbac.serviceAccountAdditionalLabels) . | nindent 4 -}} +{{ end }} {{- if .Values.clusterAgent.rbac.serviceAccountAnnotations }} annotations: {{ tpl (toYaml .Values.clusterAgent.rbac.serviceAccountAnnotations) . | nindent 4}} {{- end }} 
@@ -515,14 +518,13 @@ metadata: namespace: {{ .Release.Namespace }} {{- $groupedResources := dict }} -{{- $mergedResources := merge (default dict .Values.datadog.kubernetesResourcesAnnotationsAsTags) (default dict .Values.datadog.kubernetesResourcesLabelsAsTags)}} +{{- $mergedResources := mergeOverwrite (deepCopy (default dict .Values.datadog.kubernetesResourcesAnnotationsAsTags)) (deepCopy (default dict .Values.datadog.kubernetesResourcesLabelsAsTags))}} {{- range $resource, $labels := $mergedResources }} - {{- $parts := split "." $resource }} + {{- $parts := splitList "." $resource }} {{- $apiGroup := "" }} - {{- $resourceName := $resource }} - {{- if eq (len $parts) 2 }} - {{- $apiGroup = index $parts "_1" }} - {{- $resourceName = index $parts "_0" }} + {{- $resourceName := mustFirst $parts }} + {{- if gt (len $parts) 1 }} + {{- $apiGroup = join "." (mustRest $parts) }} {{- end }} {{- $existing := index $groupedResources $apiGroup | default (list) }} {{- $groupedResources = set $groupedResources $apiGroup (append $existing $resourceName) }} @@ -559,4 +561,4 @@ subjects: - kind: ServiceAccount name: {{ template "datadog.fullname" . }}-cluster-agent namespace: {{ .Release.Namespace }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/charts/datadog/templates/daemonset.yaml b/charts/datadog/templates/daemonset.yaml index 45dc64663..5edcd8bb0 100644 --- a/charts/datadog/templates/daemonset.yaml +++ b/charts/datadog/templates/daemonset.yaml @@ -55,7 +55,7 @@ spec: checksum/agent-config: {{ tpl (toYaml .Values.agents.customAgentConfig) . | sha256sum }} {{- end }} {{- if eq (include "should-enable-system-probe" .) "true" }} - {{- if .Values.agents.podSecurity.apparmor.enabled }} + {{- if and (.Values.agents.podSecurity.apparmor.enabled) }} container.apparmor.security.beta.kubernetes.io/system-probe: {{ .Values.datadog.systemProbe.apparmor }} {{- end }} {{- if semverCompare "<1.19.0" .Capabilities.KubeVersion.Version }} 
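Review bot: The changed condition in `daemonset.yaml`, `{{- if and (.Values.agents.podSecurity.apparmor.enabled) }}`, calls `and` with a single argument, which evaluates to that argument and so behaves exactly like the line it replaces. It reads like a second operand was removed or never added. Either restore `{{- if .Values.agents.podSecurity.apparmor.enabled }}` or add the intended second condition, since this guards the system-probe AppArmor annotation.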
@@ -114,6 +114,9 @@ spec: {{- if or .Values.agents.priorityClassCreate .Values.agents.priorityClassName }} priorityClassName: {{ .Values.agents.priorityClassName | default (include "datadog.fullname" . ) }} {{- end }} + {{- if .Values.datadog.gpuMonitoring.enabled }} + runtimeClassName: {{ .Values.datadog.gpuMonitoring.runtimeClassName }} + {{- end }} containers: {{- include "container-agent" . | nindent 6 }} {{- if eq (include "should-enable-trace-agent" .) "true" }} diff --git a/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml b/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml new file mode 100644 index 000000000..ff19473c9 --- /dev/null +++ b/charts/datadog/templates/gke_autopilot_allowlist_synchronizer.yaml @@ -0,0 +1,11 @@ +{{- if and .Values.providers.gke.autopilot (eq (include "gke-autopilot-workloadallowlists-enabled" .) "true")}} +apiVersion: auto.gke.io/v1 +kind: AllowlistSynchronizer +metadata: + name: datadog-synchronizer + annotations: + helm.sh/hook: "pre-install,pre-upgrade" +spec: + allowlistPaths: + - Datadog/datadog/datadog-datadog-daemonset-exemption-v1.0.1.yaml +{{- end }} diff --git a/charts/datadog/templates/otel-agent-rbac.yaml b/charts/datadog/templates/otel-agent-rbac.yaml new file mode 100644 index 000000000..60862093d --- /dev/null +++ b/charts/datadog/templates/otel-agent-rbac.yaml 
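Review bot: The new `AllowlistSynchronizer` in `gke_autopilot_allowlist_synchronizer.yaml` is declared as a `pre-install,pre-upgrade` hook with no `helm.sh/hook-delete-policy`, and Helm does not manage hook resources as part of the release, so it stays in the cluster after `helm uninstall`. Judging by its kind, this resource controls which workload exemptions are synced, so that lifecycle should be a deliberate, documented choice, for example with `# Hook resource: not removed by helm uninstall; delete datadog-synchronizer manually`. The `.Values.providers.gke.autopilot` operand is redundant, because `gke-autopilot-workloadallowlists-enabled` already depends on `is-autopilot`. The pinned path `datadog-datadog-daemonset-exemption-v1.0.1.yaml` presumably has to track the DaemonSet's pod spec, which deserves a comment too.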
@@ -0,0 +1,40 @@ +{{- if and .Values.agents.rbac.create (eq (include "should-enable-otel-agent" .) "true") .Values.datadog.otelCollector.rbac.create -}} +{{- if or (eq (include "should-add-otel-agent-k8sattributes-rules" .) "true") .Values.datadog.otelCollector.rbac.rules -}} +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRole +metadata: + name: {{ template "datadog.fullname" . }}-otel-agent + labels: +{{ include "datadog.labels" . | indent 4 }} +rules: +{{- if eq (include "should-add-otel-agent-k8sattributes-rules" .) "true" }} + - apiGroups: [""] + resources: ["pods", "namespaces"] + verbs: ["get", "watch", "list"] + - apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] + - apiGroups: ["extensions"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] +{{- end -}} +{{- if .Values.datadog.otelCollector.rbac.rules -}} +{{ toYaml .Values.datadog.otelCollector.rbac.rules | nindent 2 -}} +{{- end }} +--- +apiVersion: {{ template "rbac.apiVersion" . }} +kind: ClusterRoleBinding +metadata: + name: {{ template "datadog.fullname" . }}-otel-agent + labels: +{{ include "datadog.labels" . | indent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "datadog.fullname" . }}-otel-agent +subjects: + - kind: ServiceAccount + name: {{ include "agents.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end -}} +{{- end -}} diff --git a/charts/datadog/templates/rbac.yaml b/charts/datadog/templates/rbac.yaml index 2d555d52f..8cd02c53b 100644 --- a/charts/datadog/templates/rbac.yaml +++ b/charts/datadog/templates/rbac.yaml @@ -129,6 +129,13 @@ rules: resources: ["secrets"] verbs: ["get"] {{- end }} +- apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics + - "metrics.eks.amazonaws.com" + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get --- apiVersion: {{ template "rbac.apiVersion" . }} kind: ClusterRoleBinding 
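Review bot: The ClusterRoleBinding in otel-agent-rbac.yaml binds the new ClusterRole to `agents.serviceAccountName`, which looks like the ServiceAccount shared by all agent containers rather than one dedicated to the OTel collector. Everything in the role, including whatever is supplied through `datadog.otelCollector.rbac.rules`, is therefore granted cluster-wide to that account. The values.yaml entry should say so, for example `# Rules are added to a ClusterRole bound to the agents ServiceAccount; keep them read-only and as narrow as possible`. The user rules are passed through `toYaml` unchanged, so review of those values is the only control on what gets granted.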
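Review bot: In the rbac.yaml hunk the new `metrics.eks.amazonaws.com` rule sits after the preceding `{{- end }}`, so as far as the hunk shows it is granted on every provider, not only on EKS. It is a narrow `get` on `kcm/metrics` and `ksh/metrics`, but least privilege argues for rendering it only where the control-plane metrics checks are actually used. Wrap the rule in a values-driven condition (placeholder: `<eks control-plane metrics flag>`) and describe that flag in values.yaml. The ClusterRole itself starts outside the hunk, so an outer guard may already exist there.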
@@ -156,6 +163,9 @@ metadata: {{- end }} labels: {{ include "datadog.labels" . | indent 4 }} +{{- if .Values.agents.rbac.serviceAccountAdditionalLabels -}} +{{ tpl (toYaml .Values.agents.rbac.serviceAccountAdditionalLabels) . | nindent 4}} +{{- end }} {{- range $role := .Values.datadog.secretBackend.roles }} --- apiVersion: rbac.authorization.k8s.io/v1 diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index d769235d2..3b3f4eb45 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml 
@@ -43,10 +43,38 @@ data: conntrack_init_timeout: {{ $.Values.datadog.systemProbe.conntrackInitTimeout }} service_monitoring_config: enabled: {{ $.Values.datadog.serviceMonitoring.enabled }} + {{- if not (eq .Values.datadog.serviceMonitoring.httpMonitoringEnabled nil) }} + enable_http_monitoring: {{ $.Values.datadog.serviceMonitoring.httpMonitoringEnabled }} + {{- end }} + {{- if not (eq .Values.datadog.serviceMonitoring.http2MonitoringEnabled nil) }} + enable_http2_monitoring: {{ $.Values.datadog.serviceMonitoring.http2MonitoringEnabled }} + {{- end }} + tls: + {{- if not (eq .Values.datadog.serviceMonitoring.tls.go.enabled nil) }} + go: + enabled: {{ $.Values.datadog.serviceMonitoring.tls.go.enabled }} + {{- end }} + {{- if not (eq .Values.datadog.serviceMonitoring.tls.istio.enabled nil) }} + istio: + enabled: {{ $.Values.datadog.serviceMonitoring.tls.istio.enabled }} + {{- end }} + {{- if not (eq .Values.datadog.serviceMonitoring.tls.nodejs.enabled nil) }} + nodejs: + enabled: {{ $.Values.datadog.serviceMonitoring.tls.nodejs.enabled }} + {{- end }} + {{- if not (eq .Values.datadog.serviceMonitoring.tls.native.enabled nil) }} + native: + enabled: {{ $.Values.datadog.serviceMonitoring.tls.native.enabled }} + {{- end }} {{- if not (eq .Values.datadog.discovery.enabled nil) }} discovery: enabled: {{ $.Values.datadog.discovery.enabled }} + network_stats: + enabled: {{ $.Values.datadog.discovery.networkStats.enabled }} {{- end }} + gpu_monitoring: + enabled: {{ $.Values.datadog.gpuMonitoring.enabled }} + configure_cgroup_perms: {{ $.Values.datadog.gpuMonitoring.configureCgroupPerms }} runtime_security_config: enabled: {{ $.Values.datadog.securityAgent.runtime.enabled }} fim_enabled: {{ $.Values.datadog.securityAgent.runtime.fimEnabled }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index 330a1bf67..55df725d8 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml 
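Review bot: The `tls:` key under `service_monitoring_config` is written unconditionally while each of its children is guarded, so with the chart defaults (all four `enabled` values empty) the ConfigMap renders a bare `tls:` that parses as null. That is probably harmless to the agent, but it makes the rendered config harder to audit for which TLS monitoring paths are on. Emit `tls:` only when at least one of the `go`, `istio`, `nodejs` or `native` values is set, using an `or` over the same four `not (eq … nil)` tests. The new lookups also dereference `.Values.datadog.serviceMonitoring.tls.<lang>.enabled` directly, so a values override that nulls `tls` or one of its children would fail rendering; a short comment in values.yaml stating that these maps must not be removed would cover it.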
@@ -27,6 +27,8 @@ commonLabels: {} ## Azure - use datadoghq.azurecr.io ## AWS - use public.ecr.aws/datadog ## DockerHub - use docker.io/datadog +## If you are on GKE Autopilot, you must use a gcr.io variant registry. + registry: # gcr.io/datadoghq datadog: @@ -311,6 +313,10 @@ datadog: # datadog.kubelet.coreCheckEnabled -- Toggle if kubelet core check should be used instead of Python check. (Requires Agent/Cluster Agent 7.53.0+) # @default -- true coreCheckEnabled: true + # datadog.kubelet.podResourcesSocketDir -- Path (on host) where the kubelet.sock socket for the PodResources API is located + # @default -- /var/lib/kubelet/pod-resources + podResourcesSocketDir: /var/lib/kubelet/pod-resources + # datadog.expvarPort -- Specify the port to expose pprof and expvar to not interfere with the agent metrics port from the cluster-agent, which defaults to 5000 expvarPort: 6000 
@@ -510,27 +516,43 @@ datadog: hostSocketPath: /var/run/datadog/ # APM Single Step Instrumentation - # This feature is in beta. It requires Cluster Agent 7.49+. + # This feature is in preview. It requires Cluster Agent 7.49+. instrumentation: - # datadog.apm.instrumentation.enabled -- Enable injecting the Datadog APM libraries into all pods in the cluster (beta). + # datadog.apm.instrumentation.enabled -- Enable injecting the Datadog APM libraries into all pods in the cluster (preview). enabled: false - # datadog.apm.instrumentation.enabledNamespaces -- Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). + # datadog.apm.instrumentation.enabledNamespaces -- Enable injecting the Datadog APM libraries into pods in specific namespaces (preview). enabledNamespaces: [] - # datadog.apm.instrumentation.disabledNamespaces -- Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). + # datadog.apm.instrumentation.disabledNamespaces -- Disable injecting the Datadog APM libraries into pods in specific namespaces (preview). disabledNamespaces: [] - # datadog.apm.instrumentation.libVersions -- Inject specific version of tracing libraries with Single Step Instrumentation (beta). + # datadog.apm.instrumentation.libVersions -- Inject specific version of tracing libraries with Single Step Instrumentation (preview). libVersions: {} + # datadog.apm.instrumentation.targets -- Enable target based workload selection (preview). 
+ # Requires Cluster Agent 7.64.0+ + targets: [] + # - name: "example" + # podSelector: + # matchLabels: + # language: "python" + # namespaceSelector: + # matchNames: + # - "applications" + # ddTraceVersions: + # python: "v2" + # ddTraceConfigs: + # - name: "DD_PROFILING_ENABLED" + # value: "true" + # datadog.apm.instrumentation.skipKPITelemetry -- Disable generating Configmap for APM Instrumentation KPIs skipKPITelemetry: false # Language detection currently only detects languages and adds them as annotations on deployments, but doesn't use these languages for injecting libraries to applicative pods. # It requires Agent 7.52+ and Cluster Agent 7.52+ language_detection: - # datadog.apm.instrumentation.language_detection.enabled -- Run language detection to automatically detect languages of user workloads (beta). + # datadog.apm.instrumentation.language_detection.enabled -- Run language detection to automatically detect languages of user workloads (preview). enabled: true # This feature is in preview. It requires Cluster Agent 7.57+. @@ -598,6 +620,17 @@ datadog: # datadog.otelCollector.config -- OTel collector configuration config: null + ## Provide OTel Collector RBAC configuration + rbac: + # datadog.otelCollector.rbac.create -- If true, check OTel Collector config for k8sattributes processor + # and create required ClusterRole to access Kubernetes API + create: true + # datadog.otelCollector.rbac.rules -- A set of additional RBAC rules to apply to OTel Collector's ClusterRole + rules: [] + # - apiGroups: [""] + # resources: ["pods", "nodes"] + # verbs: ["get", "list", "watch"] + ## Continuous Profiler configuration ## ## Continuous Profiler is disabled by default and can be enabled by setting the `enabled` field to 
@@ -829,10 +862,45 @@ datadog: # datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring enabled: false + # datadog.serviceMonitoring.httpMonitoringEnabled -- Enable HTTP monitoring for Universal Service Monitoring (Requires Agent 7.40.0+). Empty values use the default setting in the datadog agent. + httpMonitoringEnabled: + + # datadog.serviceMonitoring.http2MonitoringEnabled -- Enable HTTP2 & gRPC monitoring for Universal Service Monitoring (Requires Agent 7.53.0+ and kernel 5.2 or later). Empty values use the default setting in the datadog agent. + http2MonitoringEnabled: + + tls: + go: + # datadog.serviceMonitoring.tls.go.enabled -- (bool) Enable TLS monitoring for Golang services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent. + enabled: + istio: + # datadog.serviceMonitoring.tls.istio.enabled -- (bool) Enable TLS monitoring for Istio services (Requires Agent 7.50.0+). Empty values use the default setting in the datadog agent. + enabled: + nodejs: + # datadog.serviceMonitoring.tls.nodejs.enabled -- (bool) Enable TLS monitoring for Node.js services (Requires Agent 7.54.0+). Empty values use the default setting in the datadog agent. + enabled: + native: + # datadog.serviceMonitoring.tls.native.enabled -- (bool) Enable TLS monitoring for native (openssl, libssl, gnutls) services (Requires Agent 7.51.0+). Empty values use the default setting in the datadog agent. 
+ enabled: + discovery: # datadog.discovery.enabled -- (bool) Enable Service Discovery enabled: # false + # datadog.discovery.networkStats.enabled -- (bool) Enable Service Discovery Network Stats + networkStats: + enabled: true + + gpuMonitoring: + # datadog.gpuMonitoring.enabled -- Enable GPU monitoring + enabled: false + + # datadog.gpuMonitoring.configureCgroupPerms -- Configure cgroup permissions for GPU monitoring + configureCgroupPerms: false + + # datadog.gpuMonitoring.runtimeClassName -- Runtime class name for the agent pods to get access to NVIDIA resources + runtimeClassName: "nvidia" + + # Software Bill of Materials configuration sbom: containerImage: @@ -1029,7 +1097,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.61.0 + tag: 7.63.3 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1105,6 +1173,9 @@ clusterAgent: # clusterAgent.rbac.serviceAccountAnnotations -- Annotations to add to the ServiceAccount if clusterAgent.rbac.create is true serviceAccountAnnotations: {} + # clusterAgent.rbac.serviceAccountAdditionalLabels -- Labels to add to the ServiceAccount if clusterAgent.rbac.create is true + serviceAccountAdditionalLabels: {} + # clusterAgent.rbac.automountServiceAccountToken -- If true, automatically mount the ServiceAccount's API credentials if clusterAgent.rbac.create is true automountServiceAccountToken: true @@ -1318,6 +1389,11 @@ clusterAgent: # username: datadog # password: + ## clusterAgent.kubernetesApiserverCheck -- correspond to options for configuring the kube_apiserver integration. + kubernetesApiserverCheck: + # clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus -- Set this to true to disable use_component_status for the kube_apiserver integration. + disableUseComponentStatus: false + # clusterAgent.resources -- Datadog cluster-agent resource requests and limits. resources: {} # requests: 
@@ -1510,7 +1586,7 @@ fips: name: fips-proxy # fips.image.tag -- Define the FIPS sidecar container version to use. - tag: 1.1.6 + tag: 1.1.8 # fips.image.pullPolicy -- Datadog the FIPS sidecar image pull policy pullPolicy: IfNotPresent @@ -1553,7 +1629,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.61.0 + tag: 7.63.3 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1597,6 +1673,9 @@ agents: # agents.rbac.serviceAccountAnnotations -- Annotations to add to the ServiceAccount if agents.rbac.create is true serviceAccountAnnotations: {} + # agents.rbac.serviceAccountAdditionalLabels -- Labels to add to the ServiceAccount if agents.rbac.create is true + serviceAccountAdditionalLabels: {} + # agents.rbac.automountServiceAccountToken -- If true, automatically mount the ServiceAccount's API credentials if agents.rbac.create is true automountServiceAccountToken: true @@ -2059,7 +2138,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.61.0 + tag: 7.63.3 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2097,6 +2176,10 @@ clusterChecksRunner: # clusterChecksRunner.rbac.serviceAccountAnnotations -- Annotations to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true serviceAccountAnnotations: {} + # clusterChecksRunner.rbac.serviceAccountAdditionalLabels -- Labels to add to the ServiceAccount if clusterChecksRunner.rbac.dedicated is true + serviceAccountAdditionalLabels: {} + + # clusterChecksRunner.rbac.automountServiceAccountToken -- If true, automatically mount the ServiceAccount's API credentials if clusterChecksRunner.rbac.create is true automountServiceAccountToken: true 
diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 67f6ead8f..9d553153a 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 2.4.0 + +* Official image `2.4.0` + +## 2.3.0 + +* Official image `2.3.0` + ## 2.2.3 * Official image `2.2.3` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 68e606a8f..e8f16d3d6 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.2.3" +version: "2.4.0" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.2.3" +appVersion: "2.4.0" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index c269a1d37..9b0817e8c 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md 
@@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.2.3](https://img.shields.io/badge/Version-2.2.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.3](https://img.shields.io/badge/AppVersion-2.2.3-informational?style=flat-square) +![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.4.0](https://img.shields.io/badge/AppVersion-2.4.0-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.2.3"` | Specify the image tag to use. | +| image.tag | string | `"2.4.0"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 965f7c6f0..daa678e01 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml 
@@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.2.3 + tag: 2.4.0 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index 0307f7a95..6195a41f5 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,21 @@ # Datadog changelog +## 0.15.8 + +* Update private action image version to `v0.1.14-beta` + +## 0.15.7 + +* Update private action image version to `v0.1.12-beta` + +## 0.15.6 + +* Update private action image version to `v0.1.11-beta` + +## 0.15.5 + +* Add gitlab credentials file example + ## 0.15.4 * Update private action image version to `v0.1.10-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index e0a6d1dc4..6d33baa70 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.15.4 +version: 0.15.8 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index e95c90477..bc57e9f47 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md 
@@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.4](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.8](https://img.shields.io/badge/Version-0.15.8-informational?style=flat-square) ![AppVersion: v0.1.14-beta](https://img.shields.io/badge/AppVersion-v0.1.14--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.10-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.14-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index be874474a..613d5f751 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl 
@@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.4](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) +![Version: 0.15.8](https://img.shields.io/badge/Version-0.15.8-informational?style=flat-square) ![AppVersion: v0.1.14-beta](https://img.shields.io/badge/AppVersion-v0.1.14--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/examples/values.yaml b/charts/private-action-runner/examples/values.yaml index 7d2106f39..a523409f3 100644 --- a/charts/private-action-runner/examples/values.yaml +++ b/charts/private-action-runner/examples/values.yaml @@ -172,3 +172,19 @@ credentialFiles: } ] } + - fileName: "gitlab_creds.json" + data: | + { + "auth_type": "Token Auth", + "credentials": [ + { + "tokenName": "baseURL", + "tokenValue": "GITLAB_BASE_URL" + }, + { + "tokenName": "gitlabApiToken", + "tokenValue": "GITLAB_API_TOKEN" + } + ] + } + diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 5fefaa9cf..c7deecfa0 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: gcr.io/datadoghq/private-action-runner - tag: v0.1.10-beta + tag: v0.1.14-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index 6e417352f..a131ae148 100644 --- a/charts/synthetics-private-location/CHANGELOG.md 
+++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,9 @@ # Datadog changelog +## 0.17.7 + +* Update private location image version to `1.55.0`. + ## 0.17.6 * Add optional annotations for service account. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 7d230dc66..98911590e 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.6 -appVersion: 1.54.0 +version: 0.17.7 +appVersion: 1.55.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index ca6824c55..79028fcea 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.6](https://img.shields.io/badge/Version-0.17.6-informational?style=flat-square) ![AppVersion: 1.54.0](https://img.shields.io/badge/AppVersion-1.54.0-informational?style=flat-square) +![Version: 0.17.7](https://img.shields.io/badge/Version-0.17.7-informational?style=flat-square) ![AppVersion: 1.55.0](https://img.shields.io/badge/AppVersion-1.55.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). 
@@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.54.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.55.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index c92dfd539..89a77ffcf 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.54.0 + tag: 1.55.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml index 5c4ed60b7..d0e4501c5 100644 --- a/crds/datadoghq.com_datadogagentprofiles.yaml +++ b/crds/datadoghq.com_datadogagentprofiles.yaml 
@@ -254,6 +254,12 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + runtimeClassName: + description: |- + If specified, indicates the pod's RuntimeClass kubelet should use to run the pod. + If the named RuntimeClass does not exist, or the CRI cannot run the corresponding handler, the pod enters the Failed terminal phase. + If no runtimeClassName is specified, the default RuntimeHandler is used, which is equivalent to the behavior when the RuntimeClass feature is disabled. + type: string updateStrategy: description: |- The deployment strategy to use to replace existing pods with new ones. diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index cd982f6df..05deca222 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -255,6 +255,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -702,6 +707,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: @@ -2438,6 +2506,8 @@ spec: replicas: format: int32 type: integer + runtimeClassName: + type: string securityContext: properties: appArmorProfile: @@ -3735,6 +3805,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -4182,6 +4257,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: diff --git a/crds/datadoghq.com_datadoggenericresources.yaml b/crds/datadoghq.com_datadoggenericresources.yaml new file mode 100644 index 000000000..2e0ff0a11 --- /dev/null +++ b/crds/datadoghq.com_datadoggenericresources.yaml 
@@ -0,0 +1,157 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: datadoggenericresources.datadoghq.com +spec: + group: datadoghq.com + names: + kind: DatadogGenericResource + listKind: DatadogGenericResourceList + plural: datadoggenericresources + shortNames: + - ddgr + singular: datadoggenericresource + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.id + name: id + type: string + - jsonPath: .status.syncStatus + name: sync status + type: string + - jsonPath: .metadata.creationTimestamp + name: age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DatadogGenericResource is the Schema for the DatadogGenericResources API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DatadogGenericResourceSpec defines the desired state of DatadogGenericResource + properties: + jsonSpec: + description: JsonSpec is the specification of the API object + type: string + type: + description: Type is the type of the API object + enum: + - notebook + - synthetics_api_test + - synthetics_browser_test + type: string + required: + - jsonSpec + - type + type: object + status: + description: DatadogGenericResourceStatus defines the observed state of DatadogGenericResource + properties: + conditions: + description: Conditions represents the latest available observations of the state of a DatadogGenericResource. + items: + description: Condition contains details for one aspect of the current state of this API Resource. + properties: + lastTransitionTime: + description: |- + lastTransitionTime is the last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + message is a human readable message indicating details about the transition. + This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: |- + observedGeneration represents the .metadata.generation that the condition was set based upon. + For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date + with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: |- + reason contains a programmatic identifier indicating the reason for the condition's last transition. 
+ Producers of specific condition types may define expected values and meanings for this field, + and whether the values are considered a guaranteed API. + The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + created: + description: Created is the time the object was created. + format: date-time + type: string + creator: + description: Creator is the identity of the creator. + type: string + currentHash: + description: |- + CurrentHash tracks the hash of the current DatadogGenericResourceSpec to know + if the JsonSpec has changed and needs an update. + type: string + id: + description: Id is the object unique identifier generated in Datadog. + type: string + lastForceSyncTime: + description: LastForceSyncTime is the last time the API object was last force synced with the custom resource + format: date-time + type: string + syncStatus: + description: SyncStatus shows the health of syncing the object state to Datadog. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/crds/datadoghq.com_datadogpodautoscalers.yaml b/crds/datadoghq.com_datadogpodautoscalers.yaml index 148d84206..5a30875db 100644 --- a/crds/datadoghq.com_datadogpodautoscalers.yaml +++ b/crds/datadoghq.com_datadogpodautoscalers.yaml 
@@ -225,6 +225,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. @@ -291,6 +299,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. diff --git a/test/common/common.go b/test/common/common.go index c060ae173..8c71d242d 100644 --- a/test/common/common.go +++ b/test/common/common.go @@ -1,6 +1,9 @@ package common import ( + "bytes" + "fmt" + "io" "os" "path/filepath" "strings" @@ -10,6 +13,9 @@ import ( "github.com/gruntwork-io/terratest/modules/k8s" "github.com/gruntwork-io/terratest/modules/random" "github.com/stretchr/testify/require" + yaml "gopkg.in/yaml.v3" + appsv1 "k8s.io/api/apps/v1" + yaml2 "k8s.io/apimachinery/pkg/util/yaml" ) type HelmCommand struct { 
@@ -99,3 +105,73 @@ func WriteToFile(t *testing.T, filepath, content string) {
 err := os.WriteFile(filepath, []byte(content), 0644)
 require.NoError(t, err, "can't update manifest", "path", filepath)
 }
+
+func GetVolumeNames(ds appsv1.DaemonSet) []string {
+ volumeNames := []string{}
+ for _, volume := range ds.Spec.Template.Spec.Volumes {
+ volumeNames = append(volumeNames, volume.Name)
+ }
+ return volumeNames
+}
+
+func Contains(str string, list []string) bool {
+ for _, s := range list {
+ if s == str {
+ return true
+ }
+ }
+ return false
+}
+
+// Takes multi-document YAML and filter out keys from each document.
+func FilterYamlKeysMultiManifest(manifest string, filterKeys map[string]interface{}) (string, error) {
+ reader := strings.NewReader(manifest)
+ decoder := yaml2.NewYAMLOrJSONDecoder(reader, 4096)
+ builder := strings.Builder{}
+ for {
+ var obj map[string]interface{}
+ // We read the next YAML document from the input stream until we reach EOF.
+ // This is needed if Helm rendering contains multiple resource manifests.
+ err := decoder.Decode(&obj)
+ if err == io.EOF {
+ break
+ }
+ if err != nil {
+ return "", fmt.Errorf("couldn't decode manifest for filtering dynamic keys: %s", err)
+ }
+
+ filterKeysRecursive(&obj, filterKeys)
+
+ var buf bytes.Buffer
+ enc := yaml.NewEncoder(&buf)
+ enc.SetIndent(2) // Adjust indentation (default is 4)
+ err = enc.Encode(obj)
+ if err != nil {
+ return "", fmt.Errorf("couldn't encode manifest after filtering: %s", err)
+ }
+
+ err = enc.Close()
+ if err != nil {
+ return "", fmt.Errorf("couldn't close encoder: %s", err)
+ }
+
+ output := buf.String()
+ _, err = builder.WriteString(output)
+ if err != nil {
+ return "", fmt.Errorf("couldn't write manifest string in builder: %s", err)
+ }
+ builder.WriteString("---\n")
+ }
+ return builder.String(), nil
+}
+
+func filterKeysRecursive(yamlMap *map[string]interface{}, keys map[string]interface{}) {
+ for yamlKey := range *yamlMap {
+ if _, found := keys[yamlKey]; found {
+ // fmt.Println("deleting key", yamlKey)
+ delete(*yamlMap, yamlKey)
+ } else if nested, ok := (*yamlMap)[yamlKey].(map[string]interface{}); ok {
+ filterKeysRecursive(&nested, keys)
+ }
+ }
+}
diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml
index 0a364f99e..2dc1035de 100644
--- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml
+++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml
@@ -7,7 +7,7 @@ metadata: controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-2.3.0' + helm.sh/chart: 'datadogCRDs-2.4.1' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -261,6 +261,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
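Review bot: `filterKeysRecursive` only descends into values that are `map[string]interface{}`, so a filtered key that sits inside a list element (for example under an entry of `spec.template.spec.containers`) is never removed and would presumably still end up in the filtered manifest. Recursing into `[]interface{}` as well closes that gap; a sketch follows. Separately, the four `fmt.Errorf` calls in `FilterYamlKeysMultiManifest` format the cause with `%s`, whereas `%w` would keep it reachable through `errors.Is` and `errors.As`.

```go
func filterKeysRecursive(yamlMap *map[string]interface{}, keys map[string]interface{}) {
	for yamlKey, value := range *yamlMap {
		if _, found := keys[yamlKey]; found {
			delete(*yamlMap, yamlKey)
			continue
		}
		filterValue(value, keys)
	}
}

// filterValue applies the key filter to nested maps and to every element of a list.
func filterValue(value interface{}, keys map[string]interface{}) {
	switch v := value.(type) {
	case map[string]interface{}:
		filterKeysRecursive(&v, keys)
	case []interface{}:
		for _, item := range v {
			filterValue(item, keys)
		}
	}
}
```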
@@ -708,6 +713,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: @@ -2444,6 +2512,8 @@ spec: replicas: format: int32 type: integer + runtimeClassName: + type: string securityContext: properties: appArmorProfile: @@ -3741,6 +3811,11 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean mutation: 
@@ -4188,6 +4263,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index a1e2c5a8e..cdf0174c5 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.5.1 + helm.sh/chart: datadog-operator-2.7.0 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.11.1" + app.kubernetes.io/version: "1.12.1" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.11.1" + image: "gcr.io/datadoghq/operator:1.12.1" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE 
@@ -60,6 +60,7 @@ spec: - "-datadogAgentEnabled=true" - "-datadogSLOEnabled=false" - "-datadogDashboardEnabled=false" + - "-datadogGenericResourceEnabled=false" - "-remoteConfigEnabled=false" ports: - name: metrics diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index 9c6ffa94c..230d07a07 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -121,7 +121,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.11.1", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.12.1", operatorContainer.Image) assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } diff --git a/test/datadog/autopilot_test.go b/test/datadog/autopilot_test.go new file mode 100644 index 000000000..83c27df74 --- /dev/null +++ b/test/datadog/autopilot_test.go 
@@ -0,0 +1,103 @@
+package datadog
+
+import (
+ "fmt"
+ "github.com/DataDog/helm-charts/test/common"
+ "github.com/stretchr/testify/assert"
+ appsv1 "k8s.io/api/apps/v1"
+ corev1 "k8s.io/api/core/v1"
+ "testing"
+)
+
+var allowedAutopilotHostPaths = map[string]interface{}{
+ "/var/log/pods": nil,
+ "/var/log/containers": nil,
+ "/var/autopilot/addon/datadog/logs": nil,
+ "/var/lib/docker/containers": nil,
+ "/proc": nil,
+ "/sys/fs/cgroup": nil,
+ "/etc/passwd": nil,
+ "/var/run/containerd": nil,
+}
+
+func Test_autopilotConfigs(t *testing.T) {
+ tests := []struct {
+ name string
+ command common.HelmCommand
+ assertions func(t *testing.T, manifest string)
+ }{
+ {
+ name: "default",
+ command: common.HelmCommand{
+ ReleaseName: "datadog",
+ ChartPath: "../../charts/datadog",
+ ShowOnly: []string{"templates/daemonset.yaml"},
+ Values: []string{"../../charts/datadog/values.yaml"},
+ Overrides: map[string]string{
+ "DD_CI": "true",
+ "datadog.apiKeyExistingSecret": "datadog-secret",
+ "datadog.appKeyExistingSecret": "datadog-secret",
+ "providers.gke.autopilot": "true",
+ },
+ },
+ assertions: verifyDaemonsetAutopilotMinimal,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ manifest, err := common.RenderChart(t, tt.command)
+ assert.Nil(t, err, "couldn't render template")
+ tt.assertions(t, manifest)
+ })
+ }
+}
+
+func verifyDaemonsetAutopilotMinimal(t *testing.T, manifest string) {
+ var ds appsv1.DaemonSet
+ common.Unmarshal(t, manifest, &ds)
+ agentContainer := &corev1.Container{}
+ processAgentContainer := &corev1.Container{}
+
+ assert.Equal(t, 2, len(ds.Spec.Template.Spec.Containers))
+
+ for _, container := range ds.Spec.Template.Spec.Containers {
+ if container.Name == "agent" {
+ agentContainer = &container
+ } else if container.Name == "process-agent" {
+ processAgentContainer = &container
+ }
+ }
+
+ assert.NotNil(t, agentContainer)
+ assert.NotNil(t, processAgentContainer)
+
+ var validHostPath = true
+ for _, volume := range ds.Spec.Template.Spec.Volumes {
+ if volume.HostPath != nil {
+ _, validHostPath = allowedAutopilotHostPaths[volume.HostPath.Path]
+ assert.True(t, validHostPath, fmt.Sprintf("DaemonSet has restricted hostPath mounted: %s ", volume.HostPath.Path))
+ }
+ }
+
+ volumeNames := common.GetVolumeNames(ds)
+ for _, container := range ds.Spec.Template.Spec.Containers {
+ for _, volumeMount := range container.VolumeMounts {
+ assert.True(t, common.Contains(volumeMount.Name, volumeNames),
+ fmt.Sprintf("Found unexpected volumeMount `%s` in container `%s`", volumeMount.Name, container.Name))
+ }
+ }
+
+ validPorts := true
+ for _, container := range ds.Spec.Template.Spec.Containers {
+ if container.Ports != nil {
+ for _, port := range container.Ports {
+ if port.HostPort > 0 {
+ validPorts = false
+ break
+ }
+ }
+ }
+ }
+ assert.True(t, validPorts, "Daemonset has restricted hostPort mounted.")
+}
diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml
deleted file mode 100644
index d14249794..000000000
--- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml
+++ /dev/null
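Review bot: The two `assert.NotNil` checks in `verifyDaemonsetAutopilotMinimal` cannot fail, because `agentContainer` and `processAgentContainer` start as `&corev1.Container{}` and stay non-nil even when no container of that name is rendered. The loop also stores `&container`, the address of the range variable, which on toolchains before Go 1.22 leaves both pointers referring to the same variable. Declaring the pointers nil and indexing the slice fixes both, as sketched below. The hostPort and volumeMount loops walk only `Spec.Containers`, so init containers are not covered by these Autopilot checks; if that is intentional, a comment saying so would help.

```go
	common.Unmarshal(t, manifest, &ds)
	var agentContainer, processAgentContainer *corev1.Container
	containers := ds.Spec.Template.Spec.Containers
	for i := range containers {
		switch containers[i].Name {
		case "agent":
			agentContainer = &containers[i]
		case "process-agent":
			processAgentContainer = &containers[i]
		}
	}
	// … unchanged: container count and NotNil assertions, hostPath allow-list, volumeMount and hostPort checks …
```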
@@ -1,192 +0,0 @@ ---- -# Source: datadog/templates/agent-clusterchecks-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: datadog-clusterchecks - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: clusterchecks-agent - -spec: - replicas: 2 - revisionHistoryLimit: 10 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - selector: - matchLabels: - app: datadog-clusterchecks - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: clusterchecks-agent - admission.datadoghq.com/enabled: "false" - app: datadog-clusterchecks - - name: datadog-clusterchecks - annotations: - checksum/clusteragent_token: 37a2772ca63263767c6e7068e0045e49adbc15740749bda902e911cd80f1b43a - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 - spec: - serviceAccountName: datadog-cluster-checks - automountServiceAccountToken: true - imagePullSecrets: - [] - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for writing agent config files - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for writing datadog.yaml config file - resources: - {} - containers: - - name: agent - image: 
"gcr.io/datadoghq/agent:7.61.0" - command: ["bash", "-c"] - args: - - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run - imagePullPolicy: IfNotPresent - env: - - - name: KUBERNETES - value: "yes" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: DD_HEALTH_PORT - value: "5557" - # Cluster checks (cluster-agent communication) - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - # Safely run alongside the daemonset - - name: DD_ENABLE_METADATA_COLLECTION - value: "false" - # Expose CLC stats - - name: DD_CLC_RUNNER_ENABLED - value: "true" - - name: DD_CLC_RUNNER_HOST - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: DD_CLC_RUNNER_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - # Remove unused features - - name: DD_USE_DOGSTATSD - value: "false" - - name: DD_PROCESS_AGENT_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_APM_ENABLED - value: "false" - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - - resources: - {} - volumeMounts: - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5557 - scheme: HTTP - 
initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - volumes: - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the runners on different nodes if possible - # for better checks stability in case of node failure. - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-clusterchecks - topologyKey: kubernetes.io/hostname - nodeSelector: - kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml deleted file mode 100644 index 54b4028fb..000000000 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ /dev/null 
@@ -1,271 +0,0 @@ ---- -# Source: datadog/templates/cluster-agent-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: datadog-cluster-agent - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: cluster-agent - -spec: - replicas: 1 - revisionHistoryLimit: 10 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - selector: - matchLabels: - app: datadog-cluster-agent - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cluster-agent - admission.datadoghq.com/enabled: "false" - app: datadog-cluster-agent - - name: datadog-cluster-agent - annotations: - checksum/clusteragent_token: 406b54942cb117c07edbdf779143465270e695ae181ac7cb1510d7f51938bcba - checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a - checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b - checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 - spec: - serviceAccountName: datadog-cluster-agent - automountServiceAccountToken: true - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.61.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.61.0" - imagePullPolicy: IfNotPresent - resources: - {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - 
containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - optional: true - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: datadog - - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - - - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - 
- name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: "datadog" - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run - readOnly: false - - name: varlog - mountPath: /var/log/datadog - readOnly: false - - name: tmpdir - mountPath: /tmp - readOnly: 
false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: confd - mountPath: /conf.d - readOnly: true - - name: config - mountPath: /etc/datadog-agent - volumes: - - name: datadogrun - emptyDir: {} - - name: varlog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: confd - configMap: - name: datadog-cluster-agent-confd - items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the cluster agents on different nodes - # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - nodeSelector: - kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml deleted file mode 100644 index e16a33377..000000000 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ /dev/null 
@@ -1,285 +0,0 @@ ---- -# Source: datadog/templates/cluster-agent-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: datadog-cluster-agent - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: cluster-agent - -spec: - replicas: 1 - revisionHistoryLimit: 10 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - selector: - matchLabels: - app: datadog-cluster-agent - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cluster-agent - admission.datadoghq.com/enabled: "false" - app: datadog-cluster-agent - - name: datadog-cluster-agent - annotations: - checksum/clusteragent_token: 795ee1c256c20770693733bfa713d5614c1eea95d15e8141b6fa8a4894f81557 - checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a - checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b - checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 - spec: - serviceAccountName: datadog-cluster-agent - automountServiceAccountToken: true - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.61.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.61.0" - imagePullPolicy: IfNotPresent - resources: - {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - 
containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - optional: true - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: datadog - - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - - - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY - value: gcr.io/datadoghq - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME - value: agent - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.52.0 - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS - value: '[{"namespaceSelector":{"matchLabels":{"agentSidecars":"true"}},"objectSelector":{"matchLabels":{"app":"nginx","runsOn":"nodeless"}}}]' - - name: 
DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES - value: '[{"env":[{"name":"DD_ORCHESTRATOR_EXPLORER_ENABLED","value":"false"},{"name":"DD_TAGS","value":"key1:value1 key2:value2"}],"resources":{"limits":{"cpu":"2","memory":"1024Mi"},"requests":{"cpu":"1","memory":"512Mi"}}}]' - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: "datadog" - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - 
valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run - readOnly: false - - name: varlog - mountPath: /var/log/datadog - readOnly: false - - name: tmpdir - mountPath: /tmp - readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: confd - mountPath: /conf.d - readOnly: true - - name: config - mountPath: /etc/datadog-agent - volumes: - - name: datadogrun - emptyDir: {} - - name: varlog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: confd - configMap: - name: datadog-cluster-agent-confd - items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the cluster agents on different nodes - # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. 
- podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - nodeSelector: - kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml deleted file mode 100644 index 90137e113..000000000 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ /dev/null 
@@ -1,281 +0,0 @@ ---- -# Source: datadog/templates/cluster-agent-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: datadog-cluster-agent - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: cluster-agent - -spec: - replicas: 1 - revisionHistoryLimit: 10 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - selector: - matchLabels: - app: datadog-cluster-agent - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cluster-agent - admission.datadoghq.com/enabled: "false" - app: datadog-cluster-agent - - name: datadog-cluster-agent - annotations: - checksum/clusteragent_token: 4a9ef7efc38cb1ca3eebf80fe91e7447283866158f242d3e1f6f4fcde674bf0e - checksum/clusteragent-configmap: 57883159e63d717c5682a2f7f362dc07a0ded67378a893d77f99fa5d429b4a8a - checksum/api_key: 08203c81db295de2f7423eec8a95130b34c45870d3d63f36ce185a82b5c8f05b - checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 - spec: - serviceAccountName: datadog-cluster-agent - automountServiceAccountToken: true - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.61.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.61.0" - imagePullPolicy: IfNotPresent - resources: - {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - containerPort: 5000 - name: agentmetrics - protocol: TCP - - 
containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog" - key: api-key - optional: true - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: datadog - - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - - - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER - value: fargate - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME - value: agent - - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.61.0 - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - - name: 
DD_LOG_LEVEL - value: "INFO" - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - - name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: "datadog" - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: 
HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run - readOnly: false - - name: varlog - mountPath: /var/log/datadog - readOnly: false - - name: tmpdir - mountPath: /tmp - readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: confd - mountPath: /conf.d - readOnly: true - - name: config - mountPath: /etc/datadog-agent - volumes: - - name: datadogrun - emptyDir: {} - - name: varlog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: confd - configMap: - name: datadog-cluster-agent-confd - items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the cluster agents on different nodes - # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - nodeSelector: - kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml deleted file mode 100644 index b664d3644..000000000 --- a/test/datadog/baseline/daemonset_default.yaml +++ /dev/null 
@@ -1,427 +0,0 @@ ---- -# Source: datadog/templates/daemonset.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: datadog - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: agent - -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: agent - admission.datadoghq.com/enabled: "false" - app: datadog - - name: datadog - annotations: - checksum/clusteragent_token: c456fcb1ef3669e17f99562f9daff2c69a0b63a382b597db38525e2169dff3da - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 - checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b - checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - spec: - - securityContext: - runAsUser: 0 - hostPID: true - containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: - {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED 
- value: "false" - - - - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "false" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "true" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_APM_ENABLED - value: "true" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "false" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "false" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" - - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release 
- readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - - name: trace-agent - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] - resources: - {} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - name: DD_CLUSTER_AGENT_ENABLED - 
value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_APM_ENABLED - value: "true" - - name: DD_APM_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_APM_RECEIVER_PORT - value: "8126" - - name: DD_APM_RECEIVER_SOCKET - value: "/var/run/datadog/apm.socket" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW for tmp directory - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 15 - tcpSocket: - port: 8126 - timeoutSeconds: 5 - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: 
false # Need RW for config path - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: - - bash - - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - resources: - {} - volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} - - hostPath: - path: /proc - name: procdir - - hostPath: - path: /sys/fs/cgroup - name: cgroups - - hostPath: - path: /etc/os-release - name: os-release-file - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: dsdsocket - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: apmsocket - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /var/run - name: runtimesocketdir - tolerations: - affinity: - {} - serviceAccountName: "datadog" - automountServiceAccountToken: true - 
nodeSelector: - kubernetes.io/os: linux - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml deleted file mode 100644 index c8612e188..000000000 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ /dev/null 
@@ -1,280 +0,0 @@ ---- -# Source: datadog/templates/daemonset.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: datadog - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: agent - env.datadoghq.com/kind: gke-gdc -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: agent - admission.datadoghq.com/enabled: "false" - app: datadog - env.datadoghq.com/kind: gke-gdc - name: datadog - annotations: - checksum/clusteragent_token: bea41cde459ee76a26104fde88acde58e9cddfd64e19dde2f473bd471617a9bf - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 - checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b - checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - spec: - - securityContext: - runAsUser: 0 - containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: - {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: 
DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - - - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_APM_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "false" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "false" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" - - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: config - mountPath: /etc/datadog-agent - readOnly: false 
# Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - - name: kubelet-cert-volume - mountPath: /certs - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: - - bash - - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - 
valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - resources: - {} - volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} - - secret: - secretName: datadog-kubelet-cert - name: kubelet-cert-volume - tolerations: - affinity: - {} - serviceAccountName: "datadog" - automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml deleted file mode 100644 index 1a809c125..000000000 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ /dev/null 
@@ -1,301 +0,0 @@ ---- -# Source: datadog/templates/daemonset.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: datadog - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: agent - env.datadoghq.com/kind: gke-gdc -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: agent - admission.datadoghq.com/enabled: "false" - app: datadog - env.datadoghq.com/kind: gke-gdc - name: datadog - annotations: - checksum/clusteragent_token: b876b950a97ece20cb3ec3849c48e7b38822786a117db182b10fcef4fd038fcb - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 - checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b - checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - spec: - - securityContext: - runAsUser: 0 - containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: - {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT - value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: 
DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - - - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_APM_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "true" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "true" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "true" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks endpointschecks" - - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: config - mountPath: /etc/datadog-agent - readOnly: false # 
Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - - name: pointerdir - mountPath: /opt/datadog-agent/run - mountPropagation: None - readOnly: false # Need RW for logs pointer - - name: logpodpath - mountPath: /var/log/pods - mountPropagation: None - readOnly: true - - name: logscontainerspath - mountPath: /var/log/containers - mountPropagation: None - readOnly: true - - name: kubelet-cert-volume - mountPath: /certs - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: - - bash - - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_KUBELET_CLIENT_CRT 
- value: /certs/tls.crt - - name: DD_KUBELET_CLIENT_KEY - value: /certs/tls.key - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: DD_HOSTNAME - value: "$(DD_NODE_NAME)-$(DD_CLUSTER_NAME)" - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - name: DD_PROVIDER_KIND - value: gke-gdc - resources: - {} - volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} - - hostPath: - path: /var/datadog/logs - name: pointerdir - - hostPath: - path: /var/log/pods - name: logpodpath - - hostPath: - path: /var/log/containers - name: logscontainerspath - - secret: - secretName: datadog-kubelet-cert - name: kubelet-cert-volume - tolerations: - affinity: - {} - serviceAccountName: "datadog" - automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate \ No newline at end of file diff --git a/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml new file mode 100644 index 000000000..a02ab9aad --- /dev/null +++ b/test/datadog/baseline/manifests/agent-clusterchecks-deployment_default.yaml 
@@ -0,0 +1,1585 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-checks + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + cluster_check: true + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + skip_leader_election: true + labels_as_tags: + {} + annotations_as_tags: 
+ {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - 
coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - 
cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + 
verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-checks +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog-cluster-checks + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-checks + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: 
datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + 
app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED 
+ value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: 
true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_LOG_LEVEL + value: INFO + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - 
mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + hostPID: true + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + 
runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: clusterchecks-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-clusterchecks + namespace: datadog-agent +spec: + replicas: 2 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-clusterchecks + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-clusterchecks + app.kubernetes.io/component: clusterchecks-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-clusterchecks + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-clusterchecks + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - args: 
+ - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run + command: + - bash + - -c + env: + - name: KUBERNETES + value: "yes" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_LOG_LEVEL + value: INFO + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks + - name: DD_HEALTH_PORT + value: "5557" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_ENABLE_METADATA_COLLECTION + value: "false" + - name: DD_CLC_RUNNER_ENABLED + value: "true" + - name: DD_CLC_RUNNER_HOST + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: DD_CLC_RUNNER_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_USE_DOGSTATSD + value: "false" + - name: DD_PROCESS_AGENT_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_APM_ENABLED + value: "false" + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5557 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + 
subPath: install_info + - mountPath: /etc/datadog-agent + name: config + readOnly: false + imagePullSecrets: [] + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-checks + volumes: + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + 
- name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_DURATION + value: "15" + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: 
DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: 
HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml b/test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml new file mode 100644 index 000000000..b2e152868 --- /dev/null +++ b/test/datadog/baseline/manifests/cluster-agent-deployment_default.yaml 
@@ -0,0 +1,974 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: + api-key: TUlTU0lORw== +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - 
update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - 
daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + 
verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: 
datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + 
fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: 
datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: 
/opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml new file mode 100644 index 000000000..595475011 --- /dev/null +++ b/test/datadog/baseline/manifests/cluster-agent-deployment_default_advanced_AC_injection.yaml 
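Review bot: The `datadog-ksm-core` ClusterRole pinned by this baseline grants `list` and `watch` on core-group `secrets` with no narrowing, and the ClusterRoleBinding further down binds it to the `datadog-cluster-agent` ServiceAccount, so the default render gives that account read access to every Secret in the cluster. In Kubernetes RBAC, `list` and `watch` return full object bodies, so this is not metadata-only access. This file is generated output, so any tightening belongs in the chart templates or values rather than here. What this commit could add is a line next to the baselines, or in the doc comment of the test that consumes them, such as `Baselines include RBAC rules; review any added resources or verbs before committing the output of make update-test-baselines.` The same rules appear in `cluster-agent-deployment_default_advanced_AC_injection.yaml`, whose hunk continues past the visible lines.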
@@ -0,0 +1,988 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: + api-key: TUlTU0lORw== +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - 
update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - 
daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + 
verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: 
datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + 
fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.52.0 + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_SELECTORS + value: '[{"namespaceSelector":{"matchLabels":{"agentSidecars":"true"}},"objectSelector":{"matchLabels":{"app":"nginx","runsOn":"nodeless"}}}]' + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROFILES + value: '[{"env":[{"name":"DD_ORCHESTRATOR_EXPLORER_ENABLED","value":"false"},{"name":"DD_TAGS","value":"key1:value1 
key2:value2"}],"resources":{"limits":{"cpu":"2","memory":"1024Mi"},"requests":{"cpu":"1","memory":"512Mi"}}}]' + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + 
livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: 
datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml new file mode 100644 index 000000000..9d609db5c --- /dev/null +++ b/test/datadog/baseline/manifests/cluster-agent-deployment_default_minimal_AC_injection.yaml 
@@ -0,0 +1,984 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: + api-key: TUlTU0lORw== +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - 
update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - 
daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + 
verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: 
datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + 
fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_PROVIDER + value: fargate + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME + value: agent + - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG + value: 7.63.3 + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap 
+ - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + 
periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/daemonset_default.yaml b/test/datadog/baseline/manifests/daemonset_default.yaml new file mode 100644 index 000000000..0186c12b2 --- /dev/null +++ b/test/datadog/baseline/manifests/daemonset_default.yaml 
@@ -0,0 +1,1369 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: 
DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + 
initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: 
DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_LOG_LEVEL + value: INFO + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + hostPID: true + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + 
readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: 
runtimesocketdir + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + 
value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: 
datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: 
+ - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/default_all.yaml b/test/datadog/baseline/manifests/default_all.yaml new file mode 100644 index 000000000..0186c12b2 --- /dev/null +++ b/test/datadog/baseline/manifests/default_all.yaml 
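Review bot: `test/datadog/baseline/manifests/daemonset_default.yaml` is added with the same blob id (`0186c12b2`) and the same `@@ -0,0 +1,1369 @@` hunk as `default_all.yaml` in the next file section, so the two baselines have identical content and the `daemonset_default` case adds no coverage beyond `default_all`. Judging by its name, this file was presumably meant to pin only the agent DaemonSet, yet the hunk holds the full render (ServiceAccounts, RBAC, Services and the cluster-agent Deployment). Rendering only the DaemonSet template for this case, or dropping one of the two files, would stop a change to the security-relevant defaults captured here (`hostPID: true`, `runAsUser: 0`, the `list`/`watch` rule on `secrets` in `datadog-ksm-core`) from appearing twice in every later baseline diff. The test code that selects the templates is outside this hunk, so this is inferred from the file headers alone.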
@@ -0,0 +1,1369 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: 
DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + 
initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: 
DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_LOG_LEVEL + value: INFO + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + hostPID: true + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + 
readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: 
runtimesocketdir + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + 
value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: 
datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: 
+ - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/default_all_windows.yaml b/test/datadog/baseline/manifests/default_all_windows.yaml new file mode 100644 index 000000000..ab8a305b6 --- /dev/null +++ b/test/datadog/baseline/manifests/default_all_windows.yaml 
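Review bot: The `datadog-ksm-core` ClusterRole rendered in this baseline grants `list` and `watch` on `secrets` cluster-wide, and its ClusterRoleBinding attaches it to the `datadog-cluster-agent` ServiceAccount. A Kubernetes `list` on Secrets returns the full objects, so the default install lets that account read every Secret in the cluster in order to serve the `secrets` collector in `kubernetes_state_core.yaml.default`. Because this file is rendered output, the change belongs in the chart templates or values: either make the secrets collector opt-in, or add a second baseline rendered with it disabled, so that a template regression that puts `- secrets` back into the rule shows up as a baseline diff. The `datadog-cluster-agent-main` and `datadog-dca-flare` Roles also grant Secret access, but only inside the `datadog-agent` namespace. The Windows baseline that follows lists the same `secrets` collector in its confd ConfigMap, so the same rule presumably renders there, outside the part visible here.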
@@ -0,0 +1,1274 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: C:/ProgramData/Datadog/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: 
DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + 
path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: C:/ProgramData/Datadog/logs + name: logdatadog + readOnly: false + - mountPath: C:/ProgramData/Datadog + name: config + readOnly: false + - mountPath: C:/ProgramData/Datadog/auth + name: auth-token + readOnly: false + - mountPath: \\.\pipe\docker_engine + name: runtimesocket + - mountPath: \\.\pipe\containerd-containerd + name: containerdsocket + - command: + - process-agent + - -foreground + - --cfgpath=C:/ProgramData/Datadog/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: C:/ProgramData/Datadog/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_SYSTEM_PROBE_ENABLED + value: "false" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: process-agent + resources: {} + volumeMounts: + - mountPath: C:/ProgramData/Datadog + name: config + readOnly: true + - mountPath: 
C:/ProgramData/Datadog/logs + name: logdatadog + readOnly: false + - mountPath: \\.\pipe\docker_engine + name: runtimesocket + - mountPath: \\.\pipe\containerd-containerd + name: containerdsocket + initContainers: + - args: + - | + Copy-Item -Recurse -Force C:/ProgramData/Datadog C:/Temp + Copy-Item -Force C:/Temp/install_info/install_info C:/Temp/Datadog/install_info + command: + - pwsh + - -Command + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: C:/Temp/Datadog + name: config + readOnly: false + - mountPath: C:/Temp/install_info + name: installinfo + readOnly: true + - args: + - Get-ChildItem 'entrypoint-ps1' | ForEach-Object { & $_.FullName if (-Not $?) { exit 1 } } + command: + - pwsh + - -Command + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: C:/ProgramData/Datadog/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: C:/ProgramData/Datadog + name: config + readOnly: false + - mountPath: \\.\pipe\docker_engine + name: runtimesocket + - mountPath: \\.\pipe\containerd-containerd + name: containerdsocket + nodeSelector: + kubernetes.io/os: windows + serviceAccountName: datadog + tolerations: + - effect: NoSchedule + key: node.kubernetes.io/os + operator: Equal + value: windows + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - hostPath: + path: 
\\.\pipe\docker_engine + name: runtimesocket + - hostPath: + path: \\.\pipe\containerd-containerd + name: containerdsocket + - emptyDir: {} + name: logdatadog + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + 
value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + 
value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: C:/ProgramData/Datadog/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: 
/opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: windows + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/gdc_daemonset_default.yaml b/test/datadog/baseline/manifests/gdc_daemonset_default.yaml new file mode 100644 index 000000000..2b785325e --- /dev/null +++ b/test/datadog/baseline/manifests/gdc_daemonset_default.yaml 
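Review bot: The `datadog-cluster-agent` Deployment at the end of this baseline selects `kubernetes.io/os: windows`, yet its init container still runs `cp -r /etc/datadog-agent /opt` and its mounts use Linux paths (`/opt/datadog-agent/run`, `/var/log/datadog`, `/tmp`, `/etc/datadog-agent`). Only the `installinfo` mount is switched, to `C:/ProgramData/Datadog/install_info`, so the golden file pins a pod spec that mixes both path conventions and may be recording a rendering bug rather than guarding against one. If the cluster agent is meant to stay on Linux nodes for this values set, I would expect `kubernetes.io/os: linux` and `mountPath: /etc/datadog-agent/install_info` here, as in the baseline just before this one in the diff. If the combination is intentional, a short comment in the corresponding test values file saying so would keep the next `make update-test-baselines` run from hiding a real change. Separately, this baseline also pins namespace-wide `get`/`list`/`watch`/`update`/`create` on `secrets` (Role `datadog-cluster-agent-main`) and cluster-wide `list`/`watch` on `secrets` (ClusterRole `datadog-ksm-core`) for the same service account, so any diff to those rules in a regenerated baseline deserves explicit review rather than a bulk accept.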
@@ -0,0 +1,1229 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + env.datadoghq.com/kind: gke-gdc + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + 
apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + 
path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /certs + name: kubelet-cert-volume + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config 
+ readOnly: false + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - name: kubelet-cert-volume + secret: + secretName: datadog-kubelet-cert + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + env.datadoghq.com/kind: gke-gdc + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: 
datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - 
name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - 
mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml new file mode 100644 index 000000000..8a80316d0 --- /dev/null +++ b/test/datadog/baseline/manifests/gdc_daemonset_logs_collection.yaml 
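Review bot: In the `datadog` DaemonSet of gdc_daemonset_default.yaml the pod is rendered with `securityContext: runAsUser: 0`, yet the `agent` container and the `init-volume` and `init-config` init containers carry no container-level securityContext, while the `cluster-agent` container in the same baseline sets `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. Because this file is rendered output, the change belongs in the chart's gke-gdc agent template (outside this hunk), followed by regenerating the baseline: at minimum add `securityContext: {allowPrivilegeEscalation: false}` to those three containers. The agent container already mounts emptyDirs at `/tmp`, `/var/log/datadog` and `/etc/datadog-agent`, so `readOnlyRootFilesystem: true` may also be workable, but that needs confirming against the image. If UID 0 is a hard requirement on GDC, a comment in the template saying why would help later reviewers.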
@@ -0,0 +1,1250 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + env.datadoghq.com/kind: gke-gdc + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + 
apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: $(DD_NODE_NAME)-$(DD_CLUSTER_NAME) + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "false" + - name: DD_LOGS_ENABLED + value: "true" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "true" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "true" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + 
path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /opt/datadog-agent/run + mountPropagation: None + name: pointerdir + readOnly: false + - mountPath: /var/log/pods + mountPropagation: None + name: logpodpath + readOnly: true + - mountPath: /var/log/containers + mountPropagation: None + name: logscontainerspath + readOnly: true + - mountPath: /certs + name: kubelet-cert-volume + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: DD_HOSTNAME + value: 
$(DD_NODE_NAME)-$(DD_CLUSTER_NAME) + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROVIDER_KIND + value: gke-gdc + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /var/datadog/logs + name: pointerdir + - hostPath: + path: /var/log/pods + name: logpodpath + - hostPath: + path: /var/log/containers + name: logscontainerspath + - name: kubelet-cert-volume + secret: + secretName: datadog-kubelet-cert + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + env.datadoghq.com/kind: gke-gdc + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + env.datadoghq.com/kind: gke-gdc + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - 
podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_KUBELET_CLIENT_CRT + value: /certs/tls.crt + - name: DD_KUBELET_CLIENT_KEY + value: /certs/tls.key + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: 
DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + 
periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/manifests/otel_enabled.yaml b/test/datadog/baseline/manifests/otel_enabled.yaml new file mode 100644 index 000000000..1edc170c9 --- /dev/null +++ b/test/datadog/baseline/manifests/otel_enabled.yaml 
@@ -0,0 +1,1533 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: v1 +data: + otel-config.yaml: | + receivers: + prometheus: + config: + scrape_configs: + - job_name: "otelcol" + scrape_interval: 10s + static_configs: + - targets: ["0.0.0.0:8888"] + otlp: + protocols: + grpc: + endpoint: 0.0.0.0:4317 + http: + endpoint: 0.0.0.0:4318 + exporters: + debug: + verbosity: detailed + datadog: + api: + key: ${env:DD_API_KEY} + site: "" + processors: + infraattributes: + cardinality: 2 + batch: + timeout: 10s + connectors: + datadog/connector: + traces: + compute_top_level_by_span_kind: true + peer_tags_aggregation: true + compute_stats_by_span_kind: true + service: + pipelines: + traces: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog, datadog/connector] + metrics: + receivers: [otlp, datadog/connector, prometheus] + processors: [infraattributes, batch] + exporters: [datadog] + logs: + receivers: [otlp] + processors: [infraattributes, batch] + exporters: [datadog] +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-otel-config + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + 
- pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings 
+ verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - 
autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: 
datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + 
labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + - name: otel-grpc + port: 4317 + protocol: TCP + targetPort: 4317 + - name: otel-http + port: 4318 + protocol: TCP + targetPort: 4318 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: 
datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_AGENT_IPC_PORT + value: "5009" + - name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL + value: "60" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: 
datadog-cluster-agent + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + - name: DD_OTELCOLLECTOR_ENABLED + value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: 
/host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_LOG_LEVEL + value: INFO + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - 
name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - command: + - otel-agent + - --config=/etc/otel-agent/otel-config.yaml + - --core-config=/etc/datadog-agent/datadog.yaml + - --sync-delay=30s + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: 
DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_AGENT_IPC_PORT + value: "5009" + - name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL + value: "60" + - name: DD_LOG_LEVEL + value: INFO + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: otel-agent + ports: + - containerPort: 4317 + name: otel-grpc + protocol: TCP + - containerPort: 4318 + name: otel-http + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /etc/otel-agent + name: otelconfig + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + hostPID: true + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: 
DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: runtimesocketdir + - configMap: + items: + - key: otel-config.yaml + path: otel-config.yaml + name: datadog-otel-config + name: otelconfig + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + 
revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: 
DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + 
httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: + - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + 
name: config +--- diff --git a/test/datadog/baseline/manifests/other_default.yaml b/test/datadog/baseline/manifests/other_default.yaml new file mode 100644 index 000000000..0186c12b2 --- /dev/null +++ b/test/datadog/baseline/manifests/other_default.yaml 
@@ -0,0 +1,1369 @@ +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: Secret +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +type: Opaque +--- +apiVersion: v1 +data: + kubernetes_apiserver.yaml: |- + init_config: + instances: + - + filtering_enabled: false + unbundle_events: false + kubernetes_state_core.yaml.default: |- + init_config: + instances: + - collectors: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - daemonsets + - deployments + - replicasets + - statefulsets + - cronjobs + - jobs + - horizontalpodautoscalers + - poddisruptionbudgets + - storageclasses + - volumeattachments + - ingresses + labels_as_tags: + {} + annotations_as_tags: + {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-confd + namespace: datadog-agent +--- +apiVersion: v1 +data: {} +kind: ConfigMap +metadata: + annotations: {} + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-installinfo + namespace: datadog-agent +--- +apiVersion: v1 +data: + install_type: k8s_manual +kind: ConfigMap +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-kpi-telemetry-configmap + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +rules: + - apiGroups: + - "" + resources: + - services + - endpoints + - pods + - nodes + - namespaces + - componentstatuses + - limitranges + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - get + - list + - watch + - create + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch + - apiGroups: + - quota.openshift.io + resources: + - clusterresourcequotas + verbs: + - get + - list + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - "" + resourceNames: + - datadogtoken + - datadogtoken + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - "" + resourceNames: + - datadog-leader-election + - datadog-leader-election + resources: + - configmaps + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resourceNames: + - datadog-leader-election + resources: + - leases + verbs: + - get + - update + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - create + - apiGroups: + - "" + resources: + - configmaps + - events + verbs: + - create + - nonResourceURLs: + - /version + - /healthz + verbs: + - get + - apiGroups: + - "" + resourceNames: + - kube-system + 
resources: + - namespaces + verbs: + - get + - apiGroups: + - "" + resourceNames: + - datadog-cluster-id + resources: + - configmaps + verbs: + - create + - get + - update + - apiGroups: + - "" + resources: + - persistentvolumes + - persistentvolumeclaims + - serviceaccounts + verbs: + - list + - get + - watch + - apiGroups: + - apps + resources: + - deployments + - replicasets + - daemonsets + - statefulsets + verbs: + - list + - get + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - get + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - networkpolicies + verbs: + - list + - get + - watch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - roles + - rolebindings + - clusterroles + - clusterrolebindings + verbs: + - list + - get + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - list + - get + - watch + - apiGroups: + - autoscaling.k8s.io + resources: + - verticalpodautoscalers + verbs: + - list + - get + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - get + - watch + - apiGroups: + - admissionregistration.k8s.io + resourceNames: + - datadog-webhook + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - update + - delete + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps + resources: + - statefulsets + - replicasets + - deployments + - daemonsets + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog-cluster-agent + - hostnetwork + resources: + - securitycontextconstraints + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + 
app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + - events + verbs: + - list + - watch + - apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch + - apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch + - apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch + - apiGroups: + - networking.k8s.io + resources: + - ingresses + verbs: + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +rules: + - nonResourceURLs: + - /metrics + - /metrics/slis + verbs: + - get + - apiGroups: + - "" + resources: + - nodes/metrics + - nodes/spec + - nodes/proxy + - nodes/stats + verbs: + - get + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - apiGroups: + - security.openshift.io + resourceNames: + - datadog + - hostaccess + - privileged + resources: + - securitycontextconstraints + verbs: + - use + - apiGroups: + - coordination.k8s.io + 
resources: + - leases + verbs: + - get + - apiGroups: + - metrics.eks.amazonaws.com + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-cluster-agent +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-ksm-core +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog-ksm-core +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: datadog +subjects: + - kind: ServiceAccount + name: datadog + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - update + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/instance: datadog + 
app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent-main + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-cluster-agent-main +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-dca-flare + namespace: datadog-agent +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: datadog-dca-flare +subjects: + - kind: ServiceAccount + name: datadog-cluster-agent + namespace: datadog-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + ports: + - name: agentport + port: 5005 + protocol: TCP + selector: + app: datadog-cluster-agent + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog-cluster-agent-admission-controller + namespace: datadog-agent +spec: + ports: + - name: datadog-webhook + port: 443 + protocol: TCP + targetPort: 8000 + 
selector: + app: datadog-cluster-agent +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app: datadog + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + heritage: Helm + release: datadog + name: datadog + namespace: datadog-agent +spec: + internalTrafficPolicy: Local + ports: + - name: dogstatsdport + port: 8125 + protocol: UDP + targetPort: 8125 + - name: traceport + port: 8126 + protocol: TCP + targetPort: 8126 + selector: + app: datadog +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog + namespace: datadog-agent +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog + app.kubernetes.io/component: agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog + spec: + affinity: {} + automountServiceAccountToken: true + containers: + - command: + - agent + - run + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED + value: "false" + - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED + value: "true" + - name: 
DD_PROCESS_AGENT_DISCOVERY_ENABLED + value: "true" + - name: DD_STRIP_PROCESS_ARGS + value: "false" + - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED + value: "true" + - name: DD_LOG_LEVEL + value: INFO + - name: DD_DOGSTATSD_PORT + value: "8125" + - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_DOGSTATSD_TAG_CARDINALITY + value: low + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_APM_ENABLED + value: "true" + - name: DD_LOGS_ENABLED + value: "false" + - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL + value: "false" + - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE + value: "true" + - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION + value: "false" + - name: DD_HEALTH_PORT + value: "5555" + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_EXTRA_CONFIG_PROVIDERS + value: clusterchecks endpointschecks + - name: DD_IGNORE_AUTOCONF + value: kubernetes_state + - name: DD_CONTAINER_LIFECYCLE_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_EXPVAR_PORT + value: "6000" + - name: DD_COMPLIANCE_CONFIG_ENABLED + value: "false" + - name: DD_CONTAINER_IMAGE_ENABLED + value: "true" + - name: DD_KUBELET_CORE_CHECK_ENABLED + value: "true" + - name: DD_KUBERNETES_KUBELET_PODRESOURCES_SOCKET + value: /var/lib/kubelet/pod-resources/kubelet.sock + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: agent + ports: + - containerPort: 8125 + name: dogstatsdport + protocol: UDP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5555 + scheme: HTTP + 
initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5555 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /host/etc/os-release + name: os-release-file + readOnly: true + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + - mountPath: /var/lib/kubelet/pod-resources + name: pod-resources-socket + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /etc/passwd + name: passwd + readOnly: true + - command: + - trace-agent + - -config=/etc/datadog-agent/datadog.yaml + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: 
DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_LOG_LEVEL + value: INFO + - name: DD_APM_ENABLED + value: "true" + - name: DD_APM_NON_LOCAL_TRAFFIC + value: "true" + - name: DD_APM_RECEIVER_PORT + value: "8126" + - name: DD_APM_RECEIVER_SOCKET + value: /var/run/datadog/apm.socket + - name: DD_DOGSTATSD_SOCKET + value: /var/run/datadog/dsd.socket + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + initialDelaySeconds: 15 + periodSeconds: 15 + tcpSocket: + port: 8126 + timeoutSeconds: 5 + name: trace-agent + ports: + - containerPort: 8126 + name: traceport + protocol: TCP + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: true + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /etc/datadog-agent/auth + name: auth-token + readOnly: true + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/sys/fs/cgroup + mountPropagation: None + name: cgroups + readOnly: true + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /var/run/datadog + name: dsdsocket + readOnly: false + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + hostPID: true + initContainers: + - args: + - cp -r /etc/datadog-agent /opt + command: + - bash + - -c + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + resources: {} + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + 
readOnly: false + - args: + - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done + command: + - bash + - -c + env: + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "true" + - name: DD_AUTH_TOKEN_FILE_PATH + value: /etc/datadog-agent/auth/token + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_KUBERNETES_KUBELET_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: DD_OTLP_CONFIG_LOGS_ENABLED + value: "false" + image: gcr.io/datadoghq/agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-config + resources: {} + volumeMounts: + - mountPath: /etc/datadog-agent + name: config + readOnly: false + - mountPath: /var/log/datadog + name: logdatadog + readOnly: false + - mountPath: /host/proc + mountPropagation: None + name: procdir + readOnly: true + - mountPath: /host/var/run + mountPropagation: None + name: runtimesocketdir + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + runAsUser: 0 + serviceAccountName: datadog + tolerations: null + volumes: + - emptyDir: {} + name: auth-token + - configMap: + name: datadog-installinfo + name: installinfo + - emptyDir: {} + name: config + - emptyDir: {} + name: logdatadog + - emptyDir: {} + name: tmpdir + - emptyDir: {} + name: s6-run + - hostPath: + path: /var/lib/kubelet/pod-resources + name: pod-resources-socket + - hostPath: + path: /proc + name: procdir + - hostPath: + path: /sys/fs/cgroup + name: cgroups + - hostPath: + path: /etc/os-release + name: os-release-file + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: dsdsocket + - hostPath: + path: /var/run/datadog/ + type: DirectoryOrCreate + name: apmsocket + - hostPath: + path: /etc/passwd + name: passwd + - hostPath: + path: /var/run + name: 
runtimesocketdir + updateStrategy: + rollingUpdate: + maxUnavailable: 10% + type: RollingUpdate +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + app.kubernetes.io/version: "7" + name: datadog-cluster-agent + namespace: datadog-agent +spec: + replicas: 1 + revisionHistoryLimit: 10 + selector: + matchLabels: + app: datadog-cluster-agent + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + annotations: {} + labels: + admission.datadoghq.com/enabled: "false" + app: datadog-cluster-agent + app.kubernetes.io/component: cluster-agent + app.kubernetes.io/instance: datadog + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: datadog + name: datadog-cluster-agent + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: datadog-cluster-agent + topologyKey: kubernetes.io/hostname + weight: 50 + automountServiceAccountToken: true + containers: + - env: + - name: DD_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: DD_HEALTH_PORT + value: "5556" + - name: DD_API_KEY + valueFrom: + secretKeyRef: + key: api-key + name: datadog-secret + optional: true + - name: KUBERNETES + value: "yes" + - name: DD_LANGUAGE_DETECTION_ENABLED + value: "false" + - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED + value: "false" + - name: DD_ADMISSION_CONTROLLER_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME + value: datadog-webhook + - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED + 
value: "false" + - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME + value: datadog-cluster-agent-admission-controller + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE + value: socket + - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME + value: datadog + - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY + value: Ignore + - name: DD_ADMISSION_CONTROLLER_PORT + value: "8000" + - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY + value: gcr.io/datadoghq + - name: DD_REMOTE_CONFIGURATION_ENABLED + value: "false" + - name: DD_CLUSTER_CHECKS_ENABLED + value: "true" + - name: DD_EXTRA_CONFIG_PROVIDERS + value: kube_endpoints kube_services + - name: DD_EXTRA_LISTENERS + value: kube_endpoints kube_services + - name: DD_LOG_LEVEL + value: INFO + - name: DD_LEADER_ELECTION + value: "true" + - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE + value: configmap + - name: DD_LEADER_LEASE_NAME + value: datadog-leader-election + - name: DD_CLUSTER_AGENT_TOKEN_NAME + value: datadogtoken + - name: DD_COLLECT_KUBERNETES_EVENTS + value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" + - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED + value: "false" + - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME + value: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: token + name: datadog-cluster-agent + - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS + value: "false" + - name: DD_KUBE_RESOURCES_NAMESPACE + value: datadog-agent + - name: CHART_RELEASE_NAME + value: datadog + - name: AGENT_DAEMONSET + value: datadog + - name: CLUSTER_AGENT_DEPLOYMENT + value: datadog-cluster-agent + - name: DD_ORCHESTRATOR_EXPLORER_ENABLED + value: "true" + - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED + value: "true" + - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED + value: "false" + - name: DD_INSTRUMENTATION_INSTALL_TIME + valueFrom: + configMapKeyRef: + key: install_time + name: 
datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_ID + valueFrom: + configMapKeyRef: + key: install_id + name: datadog-kpi-telemetry-configmap + - name: DD_INSTRUMENTATION_INSTALL_TYPE + valueFrom: + configMapKeyRef: + key: install_type + name: datadog-kpi-telemetry-configmap + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + livenessProbe: + failureThreshold: 6 + httpGet: + path: /live + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + name: cluster-agent + ports: + - containerPort: 5005 + name: agentport + protocol: TCP + - containerPort: 5000 + name: agentmetrics + protocol: TCP + - containerPort: 8000 + name: datadog-webhook + protocol: TCP + readinessProbe: + failureThreshold: 6 + httpGet: + path: /ready + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + resources: {} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + startupProbe: + failureThreshold: 6 + httpGet: + path: /startup + port: 5556 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + volumeMounts: + - mountPath: /opt/datadog-agent/run + name: datadogrun + readOnly: false + - mountPath: /var/log/datadog + name: varlog + readOnly: false + - mountPath: /tmp + name: tmpdir + readOnly: false + - mountPath: /etc/datadog-agent/install_info + name: installinfo + readOnly: true + subPath: install_info + - mountPath: /conf.d + name: confd + readOnly: true + - mountPath: /etc/datadog-agent + name: config + initContainers: + - args: + - /etc/datadog-agent + - /opt + command: + - cp + - -r + image: gcr.io/datadoghq/cluster-agent:7.63.3 + imagePullPolicy: IfNotPresent + name: init-volume + volumeMounts: + - mountPath: /opt/datadog-agent + name: config + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: datadog-cluster-agent + volumes: 
+ - emptyDir: {} + name: datadogrun + - emptyDir: {} + name: varlog + - emptyDir: {} + name: tmpdir + - configMap: + name: datadog-installinfo + name: installinfo + - configMap: + items: + - key: kubernetes_state_core.yaml.default + path: kubernetes_state_core.yaml.default + - key: kubernetes_apiserver.yaml + path: kubernetes_apiserver.yaml + name: datadog-cluster-agent-confd + name: confd + - emptyDir: {} + name: config +--- diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml deleted file mode 100644 index f6b4161bc..000000000 --- a/test/datadog/baseline/other_default.yaml +++ /dev/null 
@@ -1,1693 +0,0 @@ ---- -# Source: datadog/templates/agent-clusterchecks-pdb.yaml -apiVersion: "policy/v1" -kind: PodDisruptionBudget -metadata: - name: datadog-clusterchecks - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" -spec: - maxUnavailable: 1 - selector: - matchLabels: - app: datadog-clusterchecks ---- -# Source: datadog/templates/cluster-agent-pdb.yaml -apiVersion: "policy/v1" -kind: PodDisruptionBudget -metadata: - name: datadog-cluster-agent - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" -spec: - minAvailable: 1 - selector: - matchLabels: - app: datadog-cluster-agent ---- -# Source: datadog/templates/agent-clusterchecks-rbac.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app: "datadog" - chart: "datadog-3.88.0" - heritage: "Helm" - release: "datadog" - name: datadog-cluster-checks - namespace: datadog-agent ---- -# Source: datadog/templates/cluster-agent-rbac.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - labels: - app: "datadog" - chart: "datadog-3.88.0" - heritage: "Helm" - release: "datadog" - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - name: datadog-cluster-agent - namespace: datadog-agent ---- -# Source: datadog/templates/rbac.yaml -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true 
-metadata: - name: datadog - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" # end range $role := .Values.datadog.secretBackend.roles ---- -# Source: datadog/templates/secret-cluster-agent-token.yaml -apiVersion: v1 -kind: Secret -metadata: - name: datadog-cluster-agent - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" -type: Opaque -data: - token: "T0UwV1F3NzlTTjlVaDJzekhrSGdZczc1VnQzYThTMnY=" ---- -# Source: datadog/templates/cluster-agent-confd-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: datadog-cluster-agent-confd - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - annotations: - checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a -data: - kubernetes_state_core.yaml.default: |- - cluster_check: true - init_config: - instances: - - collectors: - - secrets - - configmaps - - nodes - - pods - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - persistentvolumes - - namespaces - - endpoints - - daemonsets - - deployments - - replicasets - - statefulsets - - cronjobs - - jobs - - horizontalpodautoscalers - - poddisruptionbudgets - - storageclasses - - volumeattachments - - ingresses - skip_leader_election: true - labels_as_tags: - {} - annotations_as_tags: - {} - kubernetes_apiserver.yaml: |- - init_config: - instances: - - filtering_enabled: false - unbundle_events: false ---- -# Source: datadog/templates/install_info-configmap.yaml -apiVersion: v1 -kind: ConfigMap 
-metadata: - name: datadog-installinfo - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - annotations: - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 -data: - install_info: | - --- - install_method: - tool: helm - tool_version: Helm - installer_version: datadog-3.88.0 ---- -# Source: datadog/templates/kpi-telemetry-configmap.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: datadog-kpi-telemetry-configmap - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" -data: - install_type: k8s_manual - install_id: "3e55a44e-ebf1-4c36-9d60-8d5a88c2c279" - install_time: "1736806509" ---- -# Source: datadog/templates/cluster-agent-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: ClusterRole -metadata: - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - name: datadog-cluster-agent -rules: -- apiGroups: - - "" - resources: - - services - - endpoints - - pods - - nodes - - namespaces - - componentstatuses - - limitranges - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - get - - list - - watch - - create -- apiGroups: - - "discovery.k8s.io" - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: ["quota.openshift.io"] - resources: - - clusterresourcequotas - verbs: - - get - - list -- apiGroups: - - "autoscaling" - resources: - - horizontalpodautoscalers - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadogtoken # Kubernetes event 
collection state - - datadogtoken # Kept for backward compatibility with agent <7.37.0 - verbs: - - get - - update -- apiGroups: - - "" - resources: - - configmaps - resourceNames: - - datadog-leader-election # Leader election token - - datadog-leader-election # Kept for backward compatibility with agent <7.37.0 - verbs: - - get - - update -- apiGroups: - - "coordination.k8s.io" - resources: - - leases - resourceNames: - - datadog-leader-election # Leader election token - verbs: - - get - - update -- apiGroups: - - "coordination.k8s.io" - resources: - - leases - verbs: - - create -- apiGroups: # To create the leader election token and hpa events - - "" - resources: - - configmaps - - events - verbs: - - create -- nonResourceURLs: - - "/version" - - "/healthz" - verbs: - - get -- apiGroups: # to get the kube-system namespace UID and generate a cluster ID - - "" - resources: - - namespaces - resourceNames: - - "kube-system" - verbs: - - get -- apiGroups: # To create the cluster-id configmap - - "" - resources: - - configmaps - resourceNames: - - "datadog-cluster-id" - verbs: - - create - - get - - update -- apiGroups: - - "" - resources: - - persistentvolumes - - persistentvolumeclaims - - serviceaccounts - verbs: - - list - - get - - watch -- apiGroups: - - "apps" - resources: - - deployments - - replicasets - - daemonsets - - statefulsets - verbs: - - list - - get - - watch -- apiGroups: - - "batch" - resources: - - cronjobs - - jobs - verbs: - - list - - get - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - - networkpolicies - verbs: - - list - - get - - watch -- apiGroups: - - "rbac.authorization.k8s.io" - resources: - - roles - - rolebindings - - clusterroles - - clusterrolebindings - verbs: - - list - - get - - watch -- apiGroups: - - "storage.k8s.io" - resources: - - storageclasses - verbs: - - list - - get - - watch -- apiGroups: - - autoscaling.k8s.io - resources: - - verticalpodautoscalers - verbs: - - list - - get - - watch -- 
apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - get - - watch -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - resourceNames: - - "datadog-webhook" - verbs: ["get", "list", "watch", "update", "delete"] -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - - mutatingwebhookconfigurations - verbs: ["create"] -- apiGroups: ["batch"] - resources: ["jobs", "cronjobs"] - verbs: ["get"] -- apiGroups: ["apps"] - resources: ["statefulsets", "replicasets", "deployments", "daemonsets"] - verbs: ["get"] -- apiGroups: - - "security.openshift.io" - resources: - - securitycontextconstraints - verbs: - - use - resourceNames: - - datadog-cluster-agent - - hostnetwork ---- -# Source: datadog/templates/kube-state-metrics-core-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: ClusterRole -metadata: - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - name: datadog-ksm-core -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - - nodes - - pods - - services - - resourcequotas - - replicationcontrollers - - limitranges - - persistentvolumeclaims - - persistentvolumes - - namespaces - - endpoints - - events - verbs: - - list - - watch -- apiGroups: - - extensions - resources: - - daemonsets - - deployments - - replicasets - verbs: - - list - - watch -- apiGroups: - - apps - resources: - - statefulsets - - daemonsets - - deployments - - replicasets - verbs: - - list - - watch -- apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - list - - watch -- apiGroups: - - autoscaling - resources: - - horizontalpodautoscalers - verbs: - - list - - watch -- apiGroups: - - policy - resources: - - poddisruptionbudgets - verbs: - - list - - watch 
-- apiGroups: - - storage.k8s.io - resources: - - storageclasses - - volumeattachments - verbs: - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - list - - watch -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - list - - watch ---- -# Source: datadog/templates/rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: ClusterRole -metadata: - name: datadog - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" -rules: -- nonResourceURLs: - - "/metrics" - - "/metrics/slis" - verbs: - - get -- apiGroups: # Kubelet connectivity - - "" - resources: - - nodes/metrics - - nodes/spec - - nodes/proxy - - nodes/stats - verbs: - - get -- apiGroups: # leader election check - - "" - resources: - - endpoints - verbs: - - get -- apiGroups: - - "security.openshift.io" - resources: - - securitycontextconstraints - verbs: - - use - resourceNames: - - datadog - - hostaccess - - privileged -- apiGroups: # leader election check - - "coordination.k8s.io" - resources: - - leases - verbs: - - get ---- -# Source: datadog/templates/agent-clusterchecks-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - name: datadog-cluster-checks -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: datadog -subjects: - - kind: ServiceAccount - name: datadog-cluster-checks - namespace: datadog-agent ---- -# Source: datadog/templates/cluster-agent-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - 
app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - name: datadog-cluster-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: datadog-cluster-agent -subjects: - - kind: ServiceAccount - name: datadog-cluster-agent - namespace: datadog-agent ---- -# Source: datadog/templates/kube-state-metrics-core-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: ClusterRoleBinding -metadata: - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - name: datadog-ksm-core -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: datadog-ksm-core -subjects: - - kind: ServiceAccount - name: datadog-cluster-checks - namespace: datadog-agent ---- -# Source: datadog/templates/rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: ClusterRoleBinding -metadata: - name: datadog - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: datadog -subjects: - - kind: ServiceAccount - name: datadog - namespace: datadog-agent ---- -# Source: datadog/templates/cluster-agent-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: Role -metadata: - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - name: datadog-cluster-agent-main - namespace: datadog-agent -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "update", "create"] ---- -# Source: datadog/templates/dca-helm-values-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: Role -metadata: - labels: - 
helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - name: datadog-dca-flare - namespace: datadog-agent -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - verbs: - - get - - list ---- -# Source: datadog/templates/cluster-agent-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: RoleBinding -metadata: - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - name: "datadog-cluster-agent-main" - namespace: datadog-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: datadog-cluster-agent-main -subjects: - - kind: ServiceAccount - name: datadog-cluster-agent - namespace: datadog-agent ---- -# Source: datadog/templates/dca-helm-values-rbac.yaml -apiVersion: "rbac.authorization.k8s.io/v1" -kind: RoleBinding -metadata: - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - name: datadog-dca-flare - namespace: datadog-agent -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: datadog-dca-flare -subjects: - - kind: ServiceAccount - name: datadog-cluster-agent - namespace: datadog-agent ---- -# Source: datadog/templates/agent-services.yaml -apiVersion: v1 -kind: Service -metadata: - name: datadog-cluster-agent - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" -spec: - type: ClusterIP - selector: - app: datadog-cluster-agent - ports: - - port: 5005 - name: agentport - protocol: TCP ---- -# Source: datadog/templates/agent-services.yaml -apiVersion: v1 
-kind: Service -metadata: - name: datadog-cluster-agent-admission-controller - namespace: datadog-agent - labels: - app: "datadog" - chart: "datadog-3.88.0" - release: "datadog" - heritage: "Helm" - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" -spec: - selector: - app: datadog-cluster-agent - ports: - - port: 443 - targetPort: 8000 - name: datadog-webhook - protocol: TCP ---- -# Source: datadog/templates/agent-services.yaml -apiVersion: v1 -kind: Service - -metadata: - name: datadog - namespace: datadog-agent - labels: - app: "datadog" - chart: "datadog-3.88.0" - release: "datadog" - heritage: "Helm" - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" -spec: - selector: - app: datadog - ports: - - protocol: UDP - port: 8125 - targetPort: 8125 - name: dogstatsdport - - protocol: TCP - port: 8126 - targetPort: 8126 - name: traceport - internalTrafficPolicy: Local ---- -# Source: datadog/templates/daemonset.yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: datadog - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: agent - -spec: - revisionHistoryLimit: 10 - selector: - matchLabels: - app: datadog - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: agent - admission.datadoghq.com/enabled: "false" - app: datadog - - name: datadog - annotations: - checksum/clusteragent_token: 8b856ec67f8792fa8141d5d88a721a5155de2227792a4c61fd221b5c6689df5d - checksum/install_info: 
c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 - checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b - checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a - spec: - - securityContext: - runAsUser: 0 - hostPID: true - containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["agent", "run"] - - resources: - {} - ports: - - containerPort: 8125 - name: dogstatsdport - protocol: UDP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "false" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "true" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_DOGSTATSD_PORT - value: "8125" - - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_DOGSTATSD_TAG_CARDINALITY - value: "low" - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_APM_ENABLED - value: "true" - - name: DD_LOGS_ENABLED - value: 
"false" - - name: DD_LOGS_CONFIG_CONTAINER_COLLECT_ALL - value: "false" - - name: DD_LOGS_CONFIG_K8S_CONTAINER_USE_FILE - value: "true" - - name: DD_LOGS_CONFIG_AUTO_MULTI_LINE_DETECTION - value: "false" - - name: DD_HEALTH_PORT - value: "5555" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "endpointschecks" - - - name: DD_IGNORE_AUTOCONF - value: "kubernetes_state" - - name: DD_CONTAINER_LIFECYCLE_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_EXPVAR_PORT - value: "6000" - - name: DD_COMPLIANCE_CONFIG_ENABLED - value: "false" - - name: DD_CONTAINER_IMAGE_ENABLED - value: "true" - - name: DD_KUBELET_CORE_CHECK_ENABLED - value: "true" - volumeMounts: - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to /tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW to mount to config path - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: false # Need RW to write auth token - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: 
/ready - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5555 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - - name: trace-agent - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] - resources: - {} - ports: - - containerPort: 8126 - name: traceport - protocol: TCP - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_APM_ENABLED - value: "true" - - name: DD_APM_NON_LOCAL_TRAFFIC - value: "true" - - name: DD_APM_RECEIVER_PORT - value: "8126" - - name: DD_APM_RECEIVER_SOCKET - value: "/var/run/datadog/apm.socket" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - 
name: datadog-kpi-telemetry-configmap - key: install_type - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW for tmp directory - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - livenessProbe: - initialDelaySeconds: 15 - periodSeconds: 15 - tcpSocket: - port: 8126 - timeoutSeconds: 5 - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for config path - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: - - bash - - -c - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: 
/etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - resources: - {} - volumes: - - name: auth-token - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - - - name: logdatadog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: s6-run - emptyDir: {} - - hostPath: - path: /proc - name: procdir - - hostPath: - path: /sys/fs/cgroup - name: cgroups - - hostPath: - path: /etc/os-release - name: os-release-file - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: dsdsocket - - hostPath: - path: /var/run/datadog/ - type: DirectoryOrCreate - name: apmsocket - - hostPath: - path: /etc/passwd - name: passwd - - hostPath: - path: /var/run - name: runtimesocketdir - tolerations: - affinity: - {} - serviceAccountName: "datadog" - automountServiceAccountToken: true - nodeSelector: - kubernetes.io/os: linux - updateStrategy: - rollingUpdate: - maxUnavailable: 10% - type: RollingUpdate ---- -# Source: datadog/templates/agent-clusterchecks-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: datadog-clusterchecks - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: clusterchecks-agent - -spec: - replicas: 2 - revisionHistoryLimit: 10 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - selector: - matchLabels: - app: datadog-clusterchecks - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - 
app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: clusterchecks-agent - admission.datadoghq.com/enabled: "false" - app: datadog-clusterchecks - - name: datadog-clusterchecks - annotations: - checksum/clusteragent_token: 3653c2cfb1aae823a7f36aedc8380741670bfb9f18758132cb208d45d1cd0b6b - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 - spec: - serviceAccountName: datadog-cluster-checks - automountServiceAccountToken: true - imagePullSecrets: - [] - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - cp -r /etc/datadog-agent /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - readOnly: false # Need RW for writing agent config files - resources: - {} - - name: init-config - image: "gcr.io/datadoghq/agent:7.61.0" - imagePullPolicy: IfNotPresent - command: ["bash", "-c"] - args: - - for script in $(find /etc/cont-init.d/ -type f -name '*.sh' | sort) ; do bash $script ; done - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for writing datadog.yaml config file - resources: - {} - containers: - - name: agent - image: "gcr.io/datadoghq/agent:7.61.0" - command: ["bash", "-c"] - args: - - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run - imagePullPolicy: IfNotPresent - env: - - - name: KUBERNETES - value: "yes" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "clusterchecks" - - name: DD_HEALTH_PORT - value: "5557" - # Cluster checks (cluster-agent communication) - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: 
- name: datadog-cluster-agent - key: token - # Safely run alongside the daemonset - - name: DD_ENABLE_METADATA_COLLECTION - value: "false" - # Expose CLC stats - - name: DD_CLC_RUNNER_ENABLED - value: "true" - - name: DD_CLC_RUNNER_HOST - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: DD_CLC_RUNNER_ID - valueFrom: - fieldRef: - fieldPath: metadata.name - # Remove unused features - - name: DD_USE_DOGSTATSD - value: "false" - - name: DD_PROCESS_AGENT_ENABLED - value: "false" - - name: DD_LOGS_ENABLED - value: "false" - - name: DD_APM_ENABLED - value: "false" - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_HOSTNAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - - resources: - {} - volumeMounts: - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: config - mountPath: /etc/datadog-agent - readOnly: false # Need RW for config path - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5557 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - volumes: - - name: installinfo - configMap: - name: datadog-installinfo - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the runners on different nodes if possible - # for better checks stability in case of node failure. 
- podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-clusterchecks - topologyKey: kubernetes.io/hostname - nodeSelector: - kubernetes.io/os: linux ---- -# Source: datadog/templates/cluster-agent-deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: datadog-cluster-agent - namespace: datadog-agent - labels: - helm.sh/chart: 'datadog-3.88.0' - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/version: "7" - app.kubernetes.io/component: cluster-agent - -spec: - replicas: 1 - revisionHistoryLimit: 10 - strategy: - rollingUpdate: - maxSurge: 1 - maxUnavailable: 0 - type: RollingUpdate - selector: - matchLabels: - app: datadog-cluster-agent - template: - metadata: - labels: - app.kubernetes.io/name: "datadog" - app.kubernetes.io/instance: "datadog" - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/component: cluster-agent - admission.datadoghq.com/enabled: "false" - app: datadog-cluster-agent - - name: datadog-cluster-agent - annotations: - checksum/clusteragent_token: 42324d7b2e100268673aa3a6b356ff7b191a437d121680f69bd6f00761336c22 - checksum/clusteragent-configmap: c0fbaef09d8f108962e862318211303e8039aed3e6e95697fc23cb2c3894e5ea - checksum/install_info: c4085619f73a106a92bfd597fcc33dc3860f5a5e984bf75fc16adcda43b15f70 - spec: - serviceAccountName: datadog-cluster-agent - automountServiceAccountToken: true - initContainers: - - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.61.0" - imagePullPolicy: IfNotPresent - command: - - cp - - -r - args: - - /etc/datadog-agent - - /opt - volumeMounts: - - name: config - mountPath: /opt/datadog-agent - containers: - - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.61.0" - imagePullPolicy: IfNotPresent - resources: - {} - ports: - - containerPort: 5005 - name: agentport - protocol: TCP - - 
containerPort: 5000 - name: agentmetrics - protocol: TCP - - containerPort: 8000 - name: datadog-webhook - protocol: TCP - env: - - name: DD_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: DD_HEALTH_PORT - value: "5556" - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - optional: true - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED - value: "true" - - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME - value: "datadog-webhook" - - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED - value: "false" - - name: DD_ADMISSION_CONTROLLER_SERVICE_NAME - value: datadog-cluster-agent-admission-controller - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_MODE - value: socket - - name: DD_ADMISSION_CONTROLLER_INJECT_CONFIG_LOCAL_SERVICE_NAME - value: datadog - - name: DD_ADMISSION_CONTROLLER_FAILURE_POLICY - value: "Ignore" - - name: DD_ADMISSION_CONTROLLER_PORT - value: "8000" - - name: DD_ADMISSION_CONTROLLER_CONTAINER_REGISTRY - value: "gcr.io/datadoghq" - - - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "false" - - name: DD_CLUSTER_CHECKS_ENABLED - value: "true" - - name: DD_EXTRA_CONFIG_PROVIDERS - value: "kube_endpoints kube_services" - - name: DD_EXTRA_LISTENERS - value: "kube_endpoints kube_services" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_LEADER_ELECTION - value: "true" - - name: DD_LEADER_ELECTION_DEFAULT_RESOURCE - value: "configmap" - - name: DD_LEADER_LEASE_DURATION - value: "15" - - name: DD_LEADER_LEASE_NAME - value: datadog-leader-election - - name: DD_CLUSTER_AGENT_TOKEN_NAME - value: datadogtoken - 
- name: DD_COLLECT_KUBERNETES_EVENTS - value: "true" - - name: DD_KUBERNETES_USE_ENDPOINT_SLICES - value: "false" - - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED - value: "false" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - name: DD_CLUSTER_AGENT_COLLECT_KUBERNETES_TAGS - value: "false" - - name: DD_KUBE_RESOURCES_NAMESPACE - value: datadog-agent - - name: CHART_RELEASE_NAME - value: "datadog" - - name: AGENT_DAEMONSET - value: datadog - - name: CLUSTER_AGENT_DEPLOYMENT - value: datadog-cluster-agent - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - - name: DD_ORCHESTRATOR_EXPLORER_CONTAINER_SCRUBBING_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_LANGUAGE_DETECTION_PATCHER_ENABLED - value: "false" - - name: DD_INSTRUMENTATION_INSTALL_TIME - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_time - - name: DD_INSTRUMENTATION_INSTALL_ID - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_id - - name: DD_INSTRUMENTATION_INSTALL_TYPE - valueFrom: - configMapKeyRef: - name: datadog-kpi-telemetry-configmap - key: install_type - - livenessProbe: - failureThreshold: 6 - httpGet: - path: /live - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - readinessProbe: - failureThreshold: 6 - httpGet: - path: /ready - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - startupProbe: - failureThreshold: 6 - httpGet: - path: /startup - port: 5556 - scheme: HTTP - initialDelaySeconds: 15 - periodSeconds: 15 - successThreshold: 1 - timeoutSeconds: 5 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - volumeMounts: - - name: datadogrun - mountPath: /opt/datadog-agent/run - readOnly: 
false - - name: varlog - mountPath: /var/log/datadog - readOnly: false - - name: tmpdir - mountPath: /tmp - readOnly: false - - name: installinfo - subPath: install_info - mountPath: /etc/datadog-agent/install_info - readOnly: true - - name: confd - mountPath: /conf.d - readOnly: true - - name: config - mountPath: /etc/datadog-agent - volumes: - - name: datadogrun - emptyDir: {} - - name: varlog - emptyDir: {} - - name: tmpdir - emptyDir: {} - - name: installinfo - configMap: - name: datadog-installinfo - - name: confd - configMap: - name: datadog-cluster-agent-confd - items: - - key: kubernetes_state_core.yaml.default - path: kubernetes_state_core.yaml.default - - key: kubernetes_apiserver.yaml - path: kubernetes_apiserver.yaml - - name: config - emptyDir: {} - affinity: - # Prefer scheduling the cluster agents on different nodes - # to guarantee that the standby instance can immediately take the lead from a leader running of a faulty node. - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - weight: 50 - podAffinityTerm: - labelSelector: - matchLabels: - app: datadog-cluster-agent - topologyKey: kubernetes.io/hostname - nodeSelector: - kubernetes.io/os: linux \ No newline at end of file diff --git a/test/datadog/baseline/values/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/values/agent-clusterchecks-deployment_default.yaml new file mode 100644 index 000000000..cb455bac1 --- /dev/null +++ b/test/datadog/baseline/values/agent-clusterchecks-deployment_default.yaml @@ -0,0 +1,9 @@ +datadog: + apiKeyExistingSecret: datadog-secret + appKeyExistingSecret: datadog-secret + kubeStateMetricsCore: + useClusterCheckRunners: true + clusterChecks: + enabled: true + clusterChecksRunner: + enabled: true diff --git a/test/datadog/baseline/values/cluster-agent-deployment_default.yaml b/test/datadog/baseline/values/cluster-agent-deployment_default.yaml new file mode 100644 index 000000000..e69de29bb 
diff --git a/test/datadog/baseline/values/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/values/cluster-agent-deployment_default_advanced_AC_injection.yaml
new file mode 100644
index 000000000..9c5cae3bf
--- /dev/null
+++ b/test/datadog/baseline/values/cluster-agent-deployment_default_advanced_AC_injection.yaml
@@ -0,0 +1,31 @@
+clusterAgent:
+ enabled: true
+ admissionController:
+ enabled: true
+ agentSidecarInjection:
+ enabled: true
+ clusterAgentCommunicationEnabled: false
+ containerRegistry: gcr.io/datadoghq
+ imageName: agent
+ imageTag: 7.52.0
+ selectors:
+ - objectSelector:
+ matchLabels:
+ "runsOn": nodeless
+ "app": nginx
+ namespaceSelector:
+ matchLabels:
+ agentSidecars: "true"
+ profiles:
+ - env:
+ - name: DD_ORCHESTRATOR_EXPLORER_ENABLED
+ value: "false"
+ - name: DD_TAGS
+ value: "key1:value1 key2:value2"
+ resources:
+ requests:
+ cpu: "1"
+ memory: "512Mi"
+ limits:
+ cpu: "2"
+ memory: "1024Mi"
diff --git a/test/datadog/baseline/values/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/values/cluster-agent-deployment_default_minimal_AC_injection.yaml
new file mode 100644
index 000000000..9dbd3a20a
--- /dev/null
+++ b/test/datadog/baseline/values/cluster-agent-deployment_default_minimal_AC_injection.yaml
@@ -0,0 +1,8 @@
+clusterAgent:
+ enabled: true
+ admissionController:
+ enabled: true
+ clusterAgentCommunicationEnabled: false
+ agentSidecarInjection:
+ enabled: true
+ provider: fargate
diff --git a/test/datadog/baseline/values/daemonset_default.yaml b/test/datadog/baseline/values/daemonset_default.yaml
new file mode 100644
index 000000000..709640314
--- /dev/null
+++ b/test/datadog/baseline/values/daemonset_default.yaml
@@ -0,0 +1,3 @@
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
diff --git a/test/datadog/baseline/values/default_all.yaml b/test/datadog/baseline/values/default_all.yaml
new file mode 100644
index 000000000..709640314
--- /dev/null
+++ b/test/datadog/baseline/values/default_all.yaml
@@ -0,0 +1,3 @@
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
diff --git a/test/datadog/baseline/values/default_all_windows.yaml b/test/datadog/baseline/values/default_all_windows.yaml
new file mode 100644
index 000000000..edc1989d6
--- /dev/null
+++ b/test/datadog/baseline/values/default_all_windows.yaml
@@ -0,0 +1,5 @@
+targetSystem: windows
+
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
diff --git a/test/datadog/baseline/values/gdc_daemonset_default.yaml b/test/datadog/baseline/values/gdc_daemonset_default.yaml
new file mode 100644
index 000000000..381a5a2af
--- /dev/null
+++ b/test/datadog/baseline/values/gdc_daemonset_default.yaml
@@ -0,0 +1,6 @@
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
+providers:
+ gke:
+ gdc: true
diff --git a/test/datadog/baseline/values/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/values/gdc_daemonset_logs_collection.yaml
new file mode 100644
index 000000000..79756ebea
--- /dev/null
+++ b/test/datadog/baseline/values/gdc_daemonset_logs_collection.yaml
@@ -0,0 +1,11 @@
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
+ logs:
+ enabled: true
+ containerCollectAll: true
+ containerCollectUsingFiles: true
+ autoMultiLineDetection: true
+providers:
+ gke:
+ gdc: true
diff --git a/test/datadog/baseline/values/otel_enabled.yaml b/test/datadog/baseline/values/otel_enabled.yaml
new file mode 100644
index 000000000..c475dc26c
--- /dev/null
+++ b/test/datadog/baseline/values/otel_enabled.yaml
@@ -0,0 +1,6 @@
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
+
+ otelCollector:
+ enabled: true
\ No newline at end of file
diff --git a/test/datadog/baseline/values/other_default.yaml b/test/datadog/baseline/values/other_default.yaml
new file mode 100644
index 000000000..dcb117185
--- /dev/null
+++ b/test/datadog/baseline/values/other_default.yaml
@@ -0,0 +1,12 @@
+datadog:
+ apiKeyExistingSecret: datadog-secret
+ appKeyExistingSecret: datadog-secret
+ kubeStateMetricsCore:
+ useClusterCheckRunners": true
+ clusterChecks:
+ enabled": true
+ clusterChecksRunner:
+ enabled: true,
+ createPodDisruptionBudget": true
+ clusterAgent:
+ createPodDisruptionBudget": true
diff --git a/test/datadog/baseline_test.go b/test/datadog/baseline_test.go
index baf66fe53..05697b237 100644
--- a/test/datadog/baseline_test.go
+++ b/test/datadog/baseline_test.go
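Review bot: In `test/datadog/baseline/values/other_default.yaml` four keys carry a stray trailing double quote (`useClusterCheckRunners": true`, `enabled": true`, and both `createPodDisruptionBudget": true` lines) and `enabled: true,` ends in a comma, which looks like residue from the Go override map this file replaces. YAML accepts all of these as plain scalars, so the chart receives key names it does not know and the string `true,` instead of a boolean; the render succeeds, and the baseline likely no longer covers the cluster-check and PodDisruptionBudget settings the removed "Other resources" case enabled. The lines should read `useClusterCheckRunners: true`, `enabled: true` and `createPodDisruptionBudget: true`. Nesting cannot be checked in this view because indentation was lost, but the removed test set `clusterChecksRunner.*` and `clusterAgent.*` as top-level values, so those two maps should not sit under `datadog:`.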
@@ -3,200 +3,77 @@ package datadog import ( "bufio" "io" + "os" "strings" "testing" "github.com/DataDog/helm-charts/test/common" "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/yaml" + yaml "gopkg.in/yaml.v3" + yaml2 "k8s.io/apimachinery/pkg/util/yaml" ) -func Test_baseline_manifests(t *testing.T) { - tests := []struct { - name string - command common.HelmCommand - baselineManifestPath string - assertions func(t *testing.T, baselineManifestPath, manifest string) - }{ - { - name: "Daemonset default", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - }, - }, - baselineManifestPath: "./baseline/daemonset_default.yaml", - assertions: verifyDaemonset, - }, - { - name: "DCA Deployment default", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{}, - }, - baselineManifestPath: "./baseline/cluster-agent-deployment_default.yaml", - assertions: verifyDeployment, - }, - { - name: "DCA Deployment default with minimal AC sidecar injection", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, - Values: []string{"../../charts/datadog/values.yaml", - "./manifests/dca_AC_sidecar_fargateMinimal.yaml"}, - Overrides: map[string]string{}, - }, - baselineManifestPath: 
"./baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml", - assertions: verifyDeployment, - }, - { - name: "DCA Deployment default with advanced AC sidecar injection", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/cluster-agent-deployment.yaml"}, - Values: []string{"../../charts/datadog/values.yaml", - "./manifests/dca_AC_sidecar_advanced.yaml"}, - Overrides: map[string]string{}, - }, - baselineManifestPath: "./baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml", - assertions: verifyDeployment, - }, - { - name: "CLC Deployment default", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/agent-clusterchecks-deployment.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.kubeStateMetricsCore.useClusterCheckRunners": "true", - "datadog.clusterChecks.enabled": "true", - "clusterChecksRunner.enabled": "true", - }}, - baselineManifestPath: "./baseline/agent-clusterchecks-deployment_default.yaml", - assertions: verifyDeployment, - }, - { - name: "Other resources, skips Deployment, DaemonSet, Secret; creates PDBs", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.kubeStateMetricsCore.useClusterCheckRunners": "true", - "datadog.clusterChecks.enabled": "true", - "clusterChecksRunner.enabled": "true", - // Create PDB for DCA and CLC - "clusterAgent.createPodDisruptionBudget": "true", - "clusterChecksRunner.createPodDisruptionBudget": "true", - }}, - 
baselineManifestPath: "./baseline/other_default.yaml", - assertions: verifyUntypedResources, - }, - { - name: "GDC DaemonSet default", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "providers.gke.gdc": "true", - }, - }, - baselineManifestPath: "./baseline/gdc_daemonset_default.yaml", - assertions: verifyDaemonset, - }, - { - name: "GDC DaemonSet logs collection enabled", - command: common.HelmCommand{ +var FilterKeys = map[string]interface{}{ + "helm.sh/chart": nil, + "checksum/clusteragent_token": nil, + "checksum/clusteragent-configmap": nil, + "checksum/install_info": nil, + "checksum": nil, + "checksum/autoconf-config": nil, + "checksum/checksd-config": nil, + "checksum/confd-config": nil, + "checksum/otel-config": nil, + "checksum/api_key": nil, + "checksum/application_key": nil, + // ServiceAccount + "chart": nil, + // ConfigMap + "install_id": nil, + "install_time": nil, + // Secret + "token": nil, + // install info CM, it contains chart version + // TODO: we are dropping everything; instead could we have a mapper/function for these keys or separate for coverage. 
+ "install_info": nil, +} + +func Test_baseline_inputs(t *testing.T) { + files, err := os.ReadDir("./baseline/values") + assert.Nil(t, err, "couldn't read baseline values directory") + for _, file := range files { + t.Run(file.Name(), func(t *testing.T) { + manifest, err := common.RenderChart(t, common.HelmCommand{ ReleaseName: "datadog", ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.logs.enabled": "true", - "datadog.logs.containerCollectAll": "true", - "datadog.logs.containerCollectUsingFiles": "true", - "datadog.logs.autoMultiLineDetection": "true", - "providers.gke.gdc": "true", - }, - }, - baselineManifestPath: "./baseline/gdc_daemonset_logs_collection.yaml", - assertions: verifyDaemonset, - }, - } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - manifest, err := common.RenderChart(t, tt.command) + Values: []string{"./baseline/values/" + file.Name()}, + }) assert.Nil(t, err, "couldn't render template") + + manifest, err = common.FilterYamlKeysMultiManifest(manifest, FilterKeys) + + if err != nil { + t.Fatalf("couldn't filter yaml keys: %v", err) + } + t.Log("update baselines", common.UpdateBaselines) if common.UpdateBaselines { - common.WriteToFile(t, tt.baselineManifestPath, manifest) + common.WriteToFile(t, "./baseline/manifests/"+file.Name(), manifest) } - tt.assertions(t, tt.baselineManifestPath, manifest) + + verifyUntypedResources(t, "./baseline/manifests/"+file.Name(), manifest) }) } } -func verifyDaemonset(t *testing.T, baselineManifestPath, manifest string) { - verifyBaseline(t, baselineManifestPath, manifest, appsv1.DaemonSet{}, appsv1.DaemonSet{}) -} - -func verifyDeployment(t *testing.T, baselineManifestPath, manifest string) { - verifyBaseline(t, baselineManifestPath, manifest, 
appsv1.Deployment{}, appsv1.Deployment{}) -} - -func verifyBaseline[T any](t *testing.T, baselineManifestPath, manifest string, baseline, actual T) { - common.Unmarshal(t, manifest, &actual) - common.LoadFromFile(t, baselineManifestPath, &baseline) - - // Exclude - // - "helm.sh/chart" label - // - checksum annotations - // - Image - // to avoid frequent baseline update and CI failures. - ops := make(cmp.Options, 0) - ops = append(ops, cmpopts.IgnoreMapEntries(func(k, v string) bool { - return k == "helm.sh/chart" || k == "checksum/clusteragent_token" || strings.Contains(k, "checksum") - })) - ops = append(ops, cmpopts.IgnoreFields(corev1.Container{}, "Image")) - - assert.True(t, cmp.Equal(baseline, actual, ops), cmp.Diff(baseline, actual)) -} - func verifyUntypedResources(t *testing.T, baselineManifestPath, actual string) { baselineManifest := common.ReadFile(t, baselineManifestPath) rB := bufio.NewReader(strings.NewReader(baselineManifest)) - baselineReader := yaml.NewYAMLReader(rB) + baselineReader := yaml2.NewYAMLReader(rB) rA := bufio.NewReader(strings.NewReader(actual)) - expectedReader := yaml.NewYAMLReader(rA) + expectedReader := yaml2.NewYAMLReader(rA) for { baselineResource, errB := baselineReader.Read() 
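Review bot: In `Test_baseline_inputs` the render error is only reported with `assert.Nil(t, err, "couldn't render template")`, which does not stop the subtest, so when `common.UpdateBaselines` is set a failed render can still reach `common.WriteToFile` and overwrite the stored baseline with whatever `manifest` holds. Use `require.NoError(t, err, "couldn't render template")` there, and likewise for the `os.ReadDir` error; `require` is already imported in this file. It would also help to skip entries that are directories or do not end in `.yaml`, since every name returned by `os.ReadDir` is passed to Helm as a values file. `verifyUntypedResources`, at the end of the hunk, continues outside it.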
@@ -212,20 +89,6 @@ func verifyUntypedResources(t *testing.T, baselineManifestPath, actual string) { yaml.Unmarshal(baselineResource, &expected) yaml.Unmarshal(actualResource, &actual) - assert.Equal(t, expected["kind"], actual["kind"]) - kind := expected["kind"] - if kind == "Deployment" || kind == "DaemonSet" || kind == "Secret" { - continue - } - - ops := make(cmp.Options, 0) - ops = append(ops, cmpopts.IgnoreMapEntries(func(k string, v any) bool { - // skip these as these change frequently - t.Log(k, v) - return k == "helm.sh/chart" || k == "token" || strings.Contains(k, "checksum") || - k == "Image" || k == "install_id" || k == "install_time" - })) - - assert.True(t, cmp.Equal(expected, actual, ops), cmp.Diff(expected, actual)) + assert.True(t, cmp.Equal(expected, actual), cmp.Diff(expected, actual)) } } diff --git a/test/datadog/gdc_test.go b/test/datadog/gdc_test.go index b8b2ecf98..b68ac2a4a 100644 --- a/test/datadog/gdc_test.go +++ b/test/datadog/gdc_test.go @@ -75,6 +75,14 @@ func verifyDaemonsetGDCMinimal(t *testing.T, manifest string) { } } + volumeNames := common.GetVolumeNames(ds) + for _, container := range ds.Spec.Template.Spec.Containers { + for _, volumeMount := range container.VolumeMounts { + assert.True(t, common.Contains(volumeMount.Name, volumeNames), + fmt.Sprintf("Found unexpected volumeMount `%s` in container `%s`", volumeMount.Name, container.Name)) + } + } + validPorts := true for _, container := range ds.Spec.Template.Spec.Containers { if container.Ports != nil { diff --git a/test/datadog/otel_agent_test.go b/test/datadog/otel_agent_test.go new file mode 100644 index 000000000..a14b8368e --- /dev/null +++ b/test/datadog/otel_agent_test.go 
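Review bot: The bare `cmp.Equal(expected, actual)` at the end of the loop now compares every resource, including the `Secret` kind and the `token`, `install_id` and checksum keys that the removed lines skipped, so it relies entirely on `FilterKeys` having been applied before the baseline was written. Only the tail of `FilterKeys` is visible here, so it is worth confirming that it covers each of those keys; otherwise generated secret values could end up in the committed baseline files and make the test flap. The two `yaml.Unmarshal` calls just above also drop their errors, which presumably lets two unparseable documents compare equal as empty maps; `if err := yaml.Unmarshal(actualResource, &actual); err != nil { t.Fatalf("couldn't parse rendered resource: %v", err) }`, and the same for the baseline, would close that. The body of `verifyUntypedResources` starts outside this hunk.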
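Review bot: The new volumeMount check walks only `ds.Spec.Template.Spec.Containers`, so a mount in an init container that names an undeclared volume would pass unnoticed; repeating the inner loop over `ds.Spec.Template.Spec.InitContainers` would cover it, assuming `ds` is the rendered DaemonSet as the function name suggests. The failure text also reads as if the mount itself were forbidden, while the check appears to be that the mount refers to a volume declared on the pod; `assert.Truef(t, common.Contains(volumeMount.Name, volumeNames), "volumeMount %q in container %q has no matching volume", volumeMount.Name, container.Name)` says that and drops the `fmt.Sprintf`. `verifyDaemonsetGDCMinimal` begins and ends outside the hunk.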
@@ -0,0 +1,75 @@
+package datadog
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ appsv1 "k8s.io/api/apps/v1"
+
+ "github.com/DataDog/helm-charts/test/common"
+)
+
+const (
+ DDAgentIpcPort = "DD_AGENT_IPC_PORT"
+ DDAgentIpcConfigRefreshInterval = "DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL"
+)
+
+type ExpectedIpcEnv struct {
+ ipcPort string
+ ipcConfigRefreshInterval string
+}
+
+func Test_otelAgentConfigs(t *testing.T) {
+ tests := []struct {
+ name string
+ command common.HelmCommand
+ assertions func(t *testing.T, manifest string, expectedIpcEnv ExpectedIpcEnv)
+ expectedIpcEnv ExpectedIpcEnv
+ }{
+ {
+ name: "no ipc provided",
+ command: common.HelmCommand{
+ ReleaseName: "datadog",
+ ChartPath: "../../charts/datadog",
+ ShowOnly: []string{"templates/daemonset.yaml"},
+ Values: []string{"../../charts/datadog/values.yaml"},
+ Overrides: map[string]string{
+ "datadog.apiKeyExistingSecret": "datadog-secret",
+ "datadog.appKeyExistingSecret": "datadog-secret",
+ "datadog.otelCollector.enabled": "true",
+ },
+ },
+ expectedIpcEnv: ExpectedIpcEnv{
+ ipcPort: "5009",
+ ipcConfigRefreshInterval: "60",
+ },
+ assertions: verifyOtelAgentEnvVars,
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ manifest, err := common.RenderChart(t, tt.command)
+ assert.Nil(t, err, "couldn't render template")
+ tt.assertions(t, manifest, tt.expectedIpcEnv)
+ })
+ }
+}
+
+func verifyOtelAgentEnvVars(t *testing.T, manifest string, expectedIpcEnv ExpectedIpcEnv) {
+ var deployment appsv1.DaemonSet
+ common.Unmarshal(t, manifest, &deployment)
+ // otel agent
+ otelAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "otel-agent")
+ assert.True(t, ok)
+ coreEnvs := getEnvVarMap(otelAgentContainer.Env)
+ assert.Equal(t, expectedIpcEnv.ipcPort, coreEnvs[DDAgentIpcPort])
+ assert.Equal(t, expectedIpcEnv.ipcConfigRefreshInterval, coreEnvs[DDAgentIpcConfigRefreshInterval])
+
+ // core agent
+ coreAgentContainer, ok := 
getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs = getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, expectedIpcEnv.ipcPort, coreEnvs[DDAgentIpcPort]) + assert.Equal(t, expectedIpcEnv.ipcConfigRefreshInterval, coreEnvs[DDAgentIpcConfigRefreshInterval]) +} diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index 10946f82d..9f1e986d7 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go @@ -179,10 +179,10 @@ func Test_processAgentConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "agents.image.tag": "7.52.0", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.tag": "7.52.0", }, }, assertions: verifyLinuxRunInCoreAgentOld, @@ -195,10 +195,10 @@ func Test_processAgentConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "agents.image.doNotCheckTag": "true", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.doNotCheckTag": "true", }, }, assertions: verifyLinuxRunInCoreAgentOld, diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index a6842ac84..dde465491 100644 --- a/test/private-action-runner/__snapshot__/default.yaml 
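Review bot: In `verifyOtelAgentEnvVars`, `assert.True(t, ok)` records a failure but lets the function go on to read `otelAgentContainer.Env` (and later `coreAgentContainer.Env`) from a container that was not found, so a missing `otel-agent` container shows up as misleading env-var mismatches or, depending on what `getContainer` returns, a panic. Stopping at that point is clearer: `if !ok { t.Fatal("otel-agent container not found in rendered daemonset") }`, with the matching check for `agent`. The local `deployment` holds an `appsv1.DaemonSet` and `coreEnvs` first holds the otel-agent env map; `daemonset` and `otelEnvs` would match what they contain. The `assert.Nil(t, err, "couldn't render template")` in `Test_otelAgentConfigs` has the same shape, since the assertions still run on whatever manifest came back after a render error.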
+++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.10-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.14-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 0f68c4cc1..7642a2e89 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.10-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.14-beta" imagePullPolicy: IfNotPresent ports: - name: http